packet filtering by someone else

Post Reply
nethic
Newby Cowboy
Posts: 32
Joined: Wed Sep 22, 2004 8:22 pm
Location: in your room
Contact:

packet filtering by someone else

Post by nethic » Sun Sep 26, 2004 11:43 am

Permissive packet filtering


You can construct a packet filter so that it stops packets destined for specified services from passing through an interface. This allows access to all services except those that you specifically block because they may be used to attack your site's systems. A drawback with this approach is that it may implicitly allow an attack on an internal server which is providing a service of which you have no knowledge. ``A packet filter that blocks a limited number of services'' shows a filter that drops packets that are destined for the telnetd, ftpd and rlogind servers but which allows packets for all other services to pass.





A packet filter that blocks a limited number of services



NOTE: As the normal operation of a permissive packet filter is to prevent access to local services from outside, you will usually apply such a filter to the incoming stream of a gateway interface. For PPP, this corresponds to the passin filter.

``Services which you may wish to restrict'' lists some services to which you may want to consider restricting access using a packet filter.


Services which you may wish to restrict




Service
Port/protocol
Description


systat
11/tcp
Display output from ps


systat
11/udp
Display output from ps


netstat
15/tcp
Display output from netstat


netstat
15/udp
Display output from netstat


telnet
23/tcp
telnet server (in.telnetd) port


nameserver
53/tcp
DNS server (in.named) port


nameserver
53/udp
DNS server (in.named) port


tftp
69/udp
TFTP server (in.tftpd) port


finger
79/tcp
finger server (in.fingerd) port


link
87/tcp
ttylink port


sunrpc
111/tcp
RPC bind server (rpcbind) port


sunrpc
111/udp
RPC bind server (rpcbind) port


exec
512/tcp
Remote execution server (in.rexecd) port


login
513/tcp
Remote login server (in.rlogind) port


shell
514/tcp
Remote shell server (in.rshd) port


printer
515/tcp
Print services port


uucp
540/tcp
UUCP daemon port


nfsd
2049/udp
NFS server daemon (nfsd) port


xserver0
6000/tcp
First X server port




NOTE: TFTP service is probably most vulnerable to attack. If possible, block access to TFTP from outside your organization's networks.




See also:



filter(4)

inetd(1Mtcp)

inetd.conf(4tcp)

services(4tcp)
© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999

Post Reply