Should I filter ports?


Post by ampakine on Sun Jun 05, 2011 1:44 pm

Sorry for the flurry of threads, I didn't want to lump this in with the OS fingerprinting thread. I've decided to harden my Ubuntu system as best I can. I notice that nmap detects all the ports it probes as closed on my system. I'm providing hackers with valuable information here, amn't I? Am I right in assuming that by configuring my firewall to block probes from port scanners I'll significantly reduce the amount of info that can be obtained about my system with tools like nmap?


Re: Should I filter ports?

Post by Goatboy on Sun Jun 05, 2011 2:07 pm

The "valuable information" you are providing is that you are safe from pretty much any remote attack. If you filter everything, someone might try to find out what's behind the filter, thus increasing interest in your system. Personally I just leave all my closed ports closed, and my open ports (really the services on them) secure.
Assume that everything I say is or could be a lie.


Re: Should I filter ports?

Post by ampakine on Sun Jun 05, 2011 7:49 pm

Good point. Doesn't nmap use closed ports for OS fingerprinting though?

-- Mon Jun 06, 2011 8:59 am --

Finding out what's behind the filters is practical if only a handful of ports are filtered, but if every single port is filtered a hacker wouldn't have any clues about what ports may be open. I ran nmap -O on my brother's IP and here's what I got:
Starting Nmap 5.21 ( http://nmap.org ) at 2011-06-06 13:52 IST
Nmap scan report for 192.168.1.3
Host is up (0.0095s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
88/tcp filtered kerberos-sec
5900/tcp filtered vnc
49152/tcp filtered unknown
MAC Address: XX:XX:XX:XX:XX (Apple)
Device type: phone|media device|general purpose|specialized
Running: Apple iPhone OS 1.X|2.X|3.X, Apple Mac OS X 10.5.X, VMware ESX Server 3.X
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.79 seconds


So then I ran nmap -sV and here's what I got:
Starting Nmap 5.21 ( http://nmap.org ) at 2011-06-06 14:24 IST
Nmap scan report for 192.168.1.3
Host is up (0.017s latency).
Not shown: 980 closed ports
PORT STATE SERVICE VERSION
13/tcp filtered daytime
88/tcp filtered kerberos-sec
481/tcp filtered dvs
1001/tcp filtered unknown
1053/tcp filtered unknown
1092/tcp filtered unknown
1166/tcp filtered unknown
1417/tcp filtered timbuktu-srv1
1805/tcp filtered unknown
1864/tcp filtered paradym-31
2008/tcp filtered conf
2045/tcp filtered cdfunc
2381/tcp filtered unknown
5269/tcp filtered unknown
5431/tcp filtered park-agent
5900/tcp filtered vnc
5961/tcp filtered unknown
16113/tcp filtered unknown
27000/tcp filtered flexlm0
49152/tcp filtered unknown
MAC Address: XX:XX:XX:XX:XX (Apple)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.78 seconds

I see there are 2 remote desktop control server ports (timbuktu and vnc) in there. Would you say Mac OS X filters these ports regardless of whether they are open or closed as a security measure?
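Added example (not part of the original thread and not written by either poster): a short Python script that parses the port lines of the two scan reports quoted in the post above and compares which ports each run reported as filtered. The report excerpts are copied from the post; the names `parse` and `compare` are illustrative, and it assumes both runs probed nmap's default port set, since no `-p` option appears in the thread.

```python
import re

# Port lines copied from the two reports quoted in the thread:
# the "nmap -O" run first, then the "nmap -sV" run.
SCAN_O = ("Not shown: 997 closed ports\nPORT STATE SERVICE\n"
          "88/tcp filtered kerberos-sec\n5900/tcp filtered vnc\n49152/tcp filtered unknown\n")
SCAN_SV = ("Not shown: 980 closed ports\nPORT STATE SERVICE VERSION\n"
           "13/tcp filtered daytime\n88/tcp filtered kerberos-sec\n481/tcp filtered dvs\n"
           "1001/tcp filtered unknown\n1053/tcp filtered unknown\n1092/tcp filtered unknown\n"
           "1166/tcp filtered unknown\n1417/tcp filtered timbuktu-srv1\n1805/tcp filtered unknown\n"
           "1864/tcp filtered paradym-31\n2008/tcp filtered conf\n2045/tcp filtered cdfunc\n"
           "2381/tcp filtered unknown\n5269/tcp filtered unknown\n5431/tcp filtered park-agent\n"
           "5900/tcp filtered vnc\n5961/tcp filtered unknown\n16113/tcp filtered unknown\n"
           "27000/tcp filtered flexlm0\n49152/tcp filtered unknown\n")

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)[ \t]+(\S+)[ \t]+(\S+)", re.M)
CLOSED = re.compile(r"^Not shown: (\d+) closed ports", re.M)

def parse(report):
    """Return ({(port, proto): state}, number of closed ports nmap collapsed)."""
    states = {(int(p), proto): st for p, proto, st, _ in PORT_LINE.findall(report)}
    m = CLOSED.search(report)
    return states, int(m.group(1)) if m else 0

def compare(a, b):
    """Split filtered ports into those seen in both runs and in one run only."""
    fa = {k for k, s in a.items() if s == "filtered"}
    fb = {k for k, s in b.items() if s == "filtered"}
    return sorted(fa & fb), sorted(fa ^ fb)

if __name__ == "__main__":
    first, closed_first = parse(SCAN_O)
    second, closed_second = parse(SCAN_SV)
    both, one_run = compare(first, second)
    print("closed ports:", closed_first, "then", closed_second)
    print("filtered in both runs:", [p for p, _ in both])
    print("filtered in one run only:", [p for p, _ in one_run])
```

Only 88, 5900 and 49152 are filtered in both runs; the other 17 ports filtered in the `-sV` run were counted among the closed ports in the `-O` run, so one scan alone does not establish that a port is deliberately filtered.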


