Hosting Provided By

RE: [gentoo-server] how to stop tracing

From: Tom Grace <stonertom(at)gmail.com>
Date: Wed Jan 16 2008 - 15:05:11 EST

Hello, you could also investigate psad the port scan attack detector. Afaik it will do dynamic firewall configuration. You could block connections from those scanning you. L8r, tom

---Original Email---
From:Lindsay Haisley <fmouse-gentoo@fmp.com> Date:16/01/2008 18:41
To:gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] how to stop tracing

Probably the most security-critical information here is version information. You can often configure daemons such as the apache server to hide version information. See, for instance:

www.debianadmin.com/apache-tipshide-apache-information-php-software-version.html

nmap also, I think, does some fairly intelligent analysis of connection announcements from servers and compares small details in these against the responses of known software packages and versions of same. Courier pop3d, for instance, doesn't announce that it's the Courier POP3 daemon when one connects to port 110, but nmap figures this out just the same.

Otherwise, as Andrew says, you're going to have to live with a certain amount of exposure by virtue of the fact that you're running servers. Keep up with security updates and don't do anything silly with your configurations!

On Wed, 2008-01-16 at 18:06 +0530, widyachacra wrote:
> Dear List friends,
>
> When i scan my own domain from an out side host using 'nmap' tool it
> shows following results. How do i block this kind of tracing using
> linux. Please help me.
>
> nmap tracing result,
>
> PORT STATE SERVICE VERSION
> 25/tcp open smtp netqmail smtpd 1.04
> 53/tcp open domain
> 80/tcp open http Apache httpd 2.2.6 ((Gentoo))
> 110/tcp open pop3 Courier pop3d
> 119/tcp open ssh OpenSSH 4.7 (protocol 2.0)
> 209/tcp open tam?
> 443/tcp open http Apache httpd 2.2.6 ((Gentoo))
> 628/tcp open tcpwrapped
> 993/tcp open ssl/imap Courier Imapd (released 2005)
> 995/tcp open ssl/pop3 Courier pop3d
>
>
> --
> ---
>
> - Widyachacra Rajapaksha -
>
> * Lots of people make the mistake of thinking that Microsoft is a
> software company. That's wrong. Microsoft is an abuse company that
> uses software as a method of delivering abuse.
>
> * Never let a woman know that YOU are interested in her.
> Love is a wish that hides in your heart, and nobody knows about it but
> YOU
> Reply With Quote

-- 
gentoo-server@lists.gentoo.org mailing list

-- 
gentoo-server@lists.gentoo.org mailing list

Received on Wed Jan 16 15:06:12 2008

This message: [ Message body ]
Next message: Christopher Dale: "Re: [gentoo-server] how to stop tracing"
Previous message: Lindsay Haisley: "Re: [gentoo-server] how to stop tracing"
Maybe in reply to: widyachacra: "[gentoo-server] how to stop tracing"
Next in thread: Christopher Dale: "Re: [gentoo-server] how to stop tracing"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Mon Jun 16 2008 - 17:41:21 EDT

Do you need help?