Here's the result of my Red Hat home server before the firewall rules:
Starting Nmap 4.00 ( http://www.insecure.org/nmap ) at 2006-04-01 15:49 Westeuropäische Sommerzeit
Interesting ports on 169.254.246.62:
(The 1666 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
3306/tcp open mysql
6000/tcp open X11
MAC Address: 00:11:3B:04:BA:CA (Micronet Communications)
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.4.0 - 2.5.20
Uptime 0.045 days (since Sat Apr 01 14:44:15 2006)
Nmap finished: 1 IP address (1 host up) scanned in 2.375 seconds
Here's the result after applying the firewall rules:
Starting Nmap 4.00 ( http://www.insecure.org/nmap ) at 2006-04-01 15:49 Westeuropäische Sommerzeit
Interesting ports on 169.254.246.62:
(The 1665 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
22/tcp open ssh
25/tcp closed smtp
53/tcp closed domain
80/tcp open http
110/tcp closed pop3
MAC Address: 00:11:3B:04:BA:CA (Micronet Communications)
Device type: general purpose|broadband router|firewall
Running: Linux 2.4.X|2.5.X, D-Link embedded, WatchGuard embedded
OS details: Linux 2.4.0 - 2.5.20, Linux 2.4.18 - 2.4.20, Linux 2.4.26, Linux 2.4.27 or D-Link DSL-500T (running linux 2.4), WatchGuard Firebox X700
Uptime 0.046 days (since Sat Apr 01 14:44:16 2006)
Nmap finished: 1 IP address (1 host up) scanned in 22.188 seconds
It's not really hiding the OS like IP Personality does, for example, but it's at least pretty confusing, right? IMO a good basic way to increase security on Linux without the need to compile a new kernel.
If anybody is interested in the rule settings, let me know...
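One way to check what a rule set actually changed, added here as an example and not part of the original post: the script parses the port rows of the two scans above (embedded as sample input) and lists every port whose state differs, treating a port missing from one table as being in that scan's "not shown" state. The function names are chosen for this example.

```python
import re

# Sample input: the summary line and port rows copied from the two scans above.
BEFORE = """(The 1666 ports scanned but not shown below are in state: closed)
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
3306/tcp open mysql
6000/tcp open X11
"""
AFTER = """(The 1665 ports scanned but not shown below are in state: filtered)
20/tcp closed ftp-data
21/tcp closed ftp
22/tcp open ssh
25/tcp closed smtp
53/tcp closed domain
80/tcp open http
110/tcp closed pop3
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.M)
DEFAULT_RE = re.compile(r"not shown below are in state: (\w+)")

def parse_scan(text):
    """Return (state of unlisted ports, {(port, proto): (state, service)})."""
    m = DEFAULT_RE.search(text)
    default = m.group(1) if m else "unknown"
    ports = {(int(p), proto): (st, svc) for p, proto, st, svc in PORT_RE.findall(text)}
    return default, ports

def diff_scans(before, after):
    """List (port, proto, service, old_state, new_state) for each changed port."""
    (d_old, old), (d_new, new) = parse_scan(before), parse_scan(after)
    changes = []
    for key in sorted(set(old) | set(new)):
        # A port listed in only one scan takes the other scan's default state.
        s_old, svc_old = old.get(key, (d_old, None))
        s_new, svc_new = new.get(key, (d_new, None))
        if s_old != s_new:
            changes.append((key[0], key[1], svc_old or svc_new, s_old, s_new))
    return changes

def still_open(text):
    # Ports that answer as open in a scan, i.e. what remains reachable.
    return sorted(p for (p, _), (st, _) in parse_scan(text)[1].items() if st == "open")

if __name__ == "__main__":
    print(diff_scans(BEFORE, AFTER), still_open(AFTER))
```

For these two scans it reports rpcbind, https, mysql and X11 going from open to filtered, with only ssh and http still open; the closed rows for 20, 21, 25, 53 and 110 do not appear because those ports were already closed before the rules.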