quick intrusion question...

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    135

    I was setting up my iptables with shorewall and as I was adding rules I wondered something. If I open a port, and any programs that use said port are not running, then what happens to the packets that someone might send to try to exploit that port? If no programs are up for the computer to send the packets to, then are they dropped? Logged? Something else?
    All comments would be appreciated as I am trying to learn as much as possible, and I'm starting at a pretty low level.

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    When a program stops "listening" for ports on your machine then they tend to be either blocked or dropped. If you don't have a program which specifically listens for a port, like telnet or ftp, then I wouldn't worry too much.

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    135
    Yeah, that's kind of what I was thinking; it's just a lot different than the Norton I cut my teeth on because when you set it up it's usually for each program, not just port by port. I also was wondering what exactly happens to the packets and any info anyone might have on the logs.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    As NeuTron indicated, when nothing is listening there is no socket. The port is closed but traffic is logged or dropped depending on your FW rules. Shutting down the listening app does not change the rules. The FW is before the app and it will treat any packet the way you tell it to regardless of the app's state.

    hope that helps

  5. #5
    Junior Member
    Join Date
    Apr 2003
    Posts
    24
    Depending on how your box (and your network) is configured, your machine may also return an ICMP SERVICE UNAVAILABLE packet, or confusingly, an ICMP TIMEOUT EXCEEDED packet.

    -C
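
Added example, not part of the original thread: a small Python check you can run against your own machine to see what a sender observes when a port is allowed by the firewall but nothing is listening, compared with a listening port and a silently dropped one. The function names (`probe_tcp`, `demo`) are hypothetical, and the demo assumes a Linux-style TCP stack with loopback traffic not filtered.

```python
import socket

def probe_tcp(host, port, timeout=1.0):
    """Classify one TCP port by how the connection attempt ends."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # handshake completed: a program is listening
    except ConnectionRefusedError:
        return "closed"       # actively refused: the packet got through and the
                              # kernel answered RST (no listener), or a REJECT rule replied
    except socket.timeout:
        return "filtered"     # no reply at all: typical of a firewall DROP rule
    except OSError:
        return "unreachable"  # some other error came back (e.g. host/network unreachable)
    finally:
        s.close()

def demo():
    """Constructed scenario on loopback: one port, three application states."""
    app = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    app.bind(("127.0.0.1", 0))            # let the OS pick a free port
    port = app.getsockname()[1]
    before = probe_tcp("127.0.0.1", port)  # bound but not yet listening
    app.listen(1)
    during = probe_tcp("127.0.0.1", port)  # application is up
    app.close()
    after = probe_tcp("127.0.0.1", port)   # application shut down again
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

With a firewall rule that accepts the port, the result changes only with the application's state; with a DROP rule in front, the same probe reports "filtered" whether or not the application is running.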
