Open ports on FC2
Jorge Fábregas
fabregasj at prtc.net
Sat Jul 24 20:20:07 UTC 2004
On Saturday 24 July 2004 4:16 pm, Chris Hewitt wrote:
> ..but that told John he had ports 21 and 23 with servers on. I'm a bit
> suspicious.
Hi,
This is John's post:
> Tell inquirers that ports 21 and 23 exist but are
> closed to connections
It didn't say that those ports were open. It probably means that he has some
ACL (access control list) on the server, thru inetd, xinetd or the daemons
themselves...and when someone attempts these ports on his machine you're just
denied access (but that's the problem: you know they are there!). That's the
main difference between REJECT and DROP when you use iptables. With DROP the
port scanner will not receive a response back. With REJECT you'll get a
response back. You should avoid REJECT...and always use DROP (it's way
better..as you're completely STEALTH). The only reason for using REJECT
(that I can think of) is for trouble-shooting purposes.
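
The difference described in the message above, seen from the connecting side, as an added example that is not part of the original post: a TCP connect check that reports whether the target answered at all. The function names and labels are this example's own, and the demo only touches a constructed listener on 127.0.0.1.

```python
import errno
import socket

# Outcomes of a TCP connect() and what each one tells the prober.
# Labels are this example's own. A timeout is what an iptables DROP produces;
# a REJECT (ICMP error or TCP RST) makes connect() fail straight away.
ANSWERED = {errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH}
SILENT = {errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK}


def classify(err):
    """Map a connect_ex() result (0 or an errno value) to a label."""
    if err == 0:
        return "open"
    if err in SILENT:
        return "no-response"   # nothing came back: consistent with DROP
    if err in ANSWERED:
        return "refused"       # something answered: closed port or REJECT
    return "error"


def probe(host, port, timeout=1.0):
    """Attempt one TCP connection and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        return classify(s.connect_ex((host, port)))
    except socket.timeout:
        return "no-response"
    finally:
        s.close()


def demo():
    """Probe a constructed loopback listener, then the same port once closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    listener.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

A port behind a DROP rule makes `probe()` wait out the timeout and return "no-response"; that case is not part of the loopback demo because it would need a firewall rule in place. A "refused" result alone does not distinguish a REJECT rule from a port with nothing listening.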