[Techtalk] question around port filtering, etc.
bsweeney at physics.ucsb.edu
Thu Aug 23 11:50:15 EST 2001
If they're going to filter you, filter them. If you think they're going
to filter out ports to your machine if they figure out your running a
mailserver on it, and you know their ip address b/c they're portscanning
you, firewall them out of your webserver with iptables or ipchains
depending on what kernel you're running. If you've got the standard
INPUT OUTPUT FORWARD chains setup, and you're running iptables,
iptables -A INPUT -s <evil ISP scanner address> -p tcp --dport 123 -j DENY
or, if you're feeling really saucy,
iptables -A INPUT -s <evil ISP scanner address> -j DENY
and they'll never see anything on your machine (or at least it'll come
up "filtered"). If they're being particularly clever, you could even do
some port redirection, so that if they do hit the port your webserver is
running on, it redirects them to something harmless. I'm not sure if
this will actually help at all though.
My guess is, however, that they're only going to make a habit of filter
out "well-known" server ports. But that, as I said, is just a guess ;-).
Michelle Murrain wrote:
> Howdy folks,
> I've got high-speed internet access through a cable modem provider.
> For a while, I was able to run a web server w/o any problem (using
> Dynamic DNS). It is against their rules, but...
> Anyway, I had noticed they'd been portscanning me for a while (I was
> using snort). I didn't think much of it, until yesterday I found out
> that they are now filtering specific ports, including port 80, so
> people can't get at my web sites. (The wierd thing is that they have
> open and/or are filtering ports that I don't have open - i.e. the
> localhost nmap and external nmap do not match.). I have now decided to
> move to getting business DSL, because I really want the ability to
> host my own web sites, but that might take months. In the meantime,
> I've changed the port that httpd is listening to - and it's working,
> for now. I'm sure that they'll start filtering that port too at some
> So this is my question: Is there any way to fool them about what port
> httpd is running on? There is nothing essential right now on the web
> site, but I've got a fair number of web programming projects that
> people are beta testing, or using for minor projects, and telling them
> what port to go to every other day is a pain, to say the least. Also,
> I've got some mailman lists I was going to resurrect, but then folks
> wouldn't have access to the web interface easily. It would be nice if
> I could just set a port, and that port would work for the duration
> until I got new service.
> Additional info - right now, the cable modem is plugged into a Netopia
> Router, which does NAT, and acts as a firewall. It can do some fairly
> sophisticated stuff.
> Michelle Murrain
> michelle at murrain.net
> Techtalk mailing list
> Techtalk at linuxchix.simegen.com
More information about the Techtalk