Red Hat Security - Blocking UDP ports


Author Blocking UDP ports
S Brower

2004-01-23, 7:50 pm

I am running RH9 and using a cable modem service as my ISP. Although my
machine is not on unless I'm home and using it, is there a way to
block UDP ports? As it is now, I left my machine on and went to a friend's
house to do some port scans on my IP. I saw a lot of 'closed' UDP ports.
I would rather have them blocked...the good news is that everything else
was blocked (as far as I could tell, at least.)

It looks like DNS is UDP 53 but I can designate specific IPs to allow
traffic there. Unfortunately I don't know what else I need to allow.

I have two questions:
1) Is there a way to do this without setting up another machine as a
firewall/bastion host?
2) Where can I get more info on UDP ports and learn for myself instead of
bothering all of you? I have done Google searches and there
are too many resources for me to narrow down.

Best regards,
SRB
John D Loop

2004-01-23, 7:50 pm

I have to believe the port is "blocked" which means no unsolicited UDP
packets are allowed in, as long as you are running the simple firewall.
I guess you want RH9 to not do an "ICMP port unreachable," back to the
source? i.e. be stealthed?
Is it true RH9 issues ICMP port unreachables, or something like that....?
J
--
Check my web site for tips on homenetworking and safe computing
www.pccitizen.com


"S Brower" <maillistsNODAMNSPAM@tampabay.rr.com> wrote in message
news:pan.2003.08.06.23.17.06.481947@tampabay.rr.com...

> I am running RH9 and using a cable modem service as my ISP. Although my
> machine is not on unless I'm home and using it, is there a way to
> block UDP ports? As it is now, I left my machine on and went to a friend's
> house to do some port scans on my IP. I saw a lot of 'closed' UDP ports.
> I would rather have them blocked...the good news is that everything else
> was blocked (as far as I could tell, at least.)
>
> It looks like DNS is UDP 53 but I can designate specific IPs to allow
> traffic there. Unfortunately I don't know what else I need to allow.
>
> I have two questions:
> 1) Is there a way to do this without setting up another machine as a
> firewall/bastion host?
> 2) Where can I get more info on UDP ports and learn for myself instead of
> bothering all of you? I have done Google searches and there
> are too many resources for me to narrow down.
>
> Best regards,
> SRB
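
The difference the thread turns on, a 'closed' port (the host answers with ICMP port unreachable) versus a blocked one (no answer at all), comes down to the final iptables rule for inbound UDP. The script below is an added example, not code from either poster: it only prints rules, the function name `udp_rules` is hypothetical, and the 192.0.2.x resolver addresses are placeholders for the ISP's DNS servers.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for inbound UDP.
# Usage: udp_rules MODE RESOLVER_IP...
#   MODE=drop   -> unsolicited UDP is discarded silently (the "stealth" case)
#   MODE=reject -> the sender gets ICMP port unreachable (scans show 'closed')
udp_rules() {
    mode=$1
    [ "$#" -gt 0 ] && shift
    case $mode in
        drop)   final='-j DROP' ;;
        reject) final='-j REJECT --reject-with icmp-port-unreachable' ;;
        *) echo "udp_rules: mode must be drop or reject" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "udp_rules: need a resolver IP" >&2; return 2; }

    # Validate every address before printing anything, so a bad argument
    # can never end up inside a generated command line.
    for ip in "$@"; do
        case $ip in
            *[!0-9.]*|*.*.*.*.*) echo "udp_rules: bad IP: $ip" >&2; return 2 ;;
            *.*.*.*) ;;
            *) echo "udp_rules: bad IP: $ip" >&2; return 2 ;;
        esac
    done

    # DNS answers are accepted only from the designated resolvers and only
    # when connection tracking has seen the matching outbound query.
    for ip in "$@"; do
        echo "iptables -A INPUT -p udp -s $ip --sport 53 -m state --state ESTABLISHED -j ACCEPT"
    done

    # Any other UDP service this host relies on needs its own ACCEPT rule
    # above this line; everything else inbound over UDP ends here.
    echo "iptables -A INPUT -p udp $final"
}

# Constructed sample call: two placeholder resolvers, silent drop.
udp_rules drop 192.0.2.53 192.0.2.54
```

Running the printed commands requires root; re-scanning afterwards should show the UDP ports as unanswered rather than 'closed' in drop mode.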
