Re: possible problem with scp/ssh/telnet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Am 12.08.2012 12:53, schrieb Ed Greshko:
> On 08/12/2012 06:05 PM, Reindl Harald wrote:
>>
>> Am 12.08.2012 09:45, schrieb Ed Greshko:
>>
>>> That normally means that the port is open on the remote side (krazy being your cygwin host) but that the server is not running.
>> wrong
> 
> You can't issue a blanket "wrong" and subsequently include what you've said is "wrong". 

sure becasue "connection refused" means nothing else than connection
refused and that can be a outgoing firewall, firewall on the
remote-side and any filter/networking component between the machines

in most networks you see no difference in teh resposne between
service not running or connection denied which is what "refused"
means

> You could say, "maybe" or "may be not" and then go on to say....

no because "connection refused" does NOT "normally mean the port is open"

>> this means that service is not running or a proper firewall configuration is active
>> iptables can reject with "icmp-port-unreachable" and behaves exactly like that
>> however, i drop packages since a DDOS where you do not want additional
>> traffic with ICMP responses......
> 
> Since the system is a windows system that the OP indicated he hasn't changed, 
> I choose to believe him, coupled with the failure of "ssh localhost" 
> leads me to stand by my diagnosis

yes but the "ssh localhost" came later

while even this does not say anything in some setups
i have a server where "telnet lcoalhost 445" leads to "connection
refused" while SMB is reachable from the local network - the sense
of this: prevent attacks to zero-day-exploits from php-scripts
running on the webserver (even if there only trustable scripts)

here are the ICMP answers you can define for each incoming and
outgoing rule up to "network unreachable" only on a single port
to destroy OS fingerprinting:
http://www.linuxtopia.org/Linux_Firewall_iptables/x4550.html

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux