If the web server is Microsoft, I would do this:

1) set up a Linux box with 2.4
2) configure two ints
3) give 1st int the IP of the web server
4) give the second int a private IP (e.g. 10.0.0.1)
5) re-IP the web server to the same private subnet (e.g. 10.0.0.2)
6) put a crossover cable between the private ints
7) set up iptables to drop everything except incoming ssh (for a remote shell, if necessary)
8) set up the iptables PREROUTING chain to bounce tcp externalIP:port80 to 10.0.0.2:80

A port scan should then only show tcp/22 & tcp/80 open. MS opens up so many services, who the hell knows what's going on (who cares). Microsoft is only useful on private LANs... By putting the Linux box between the web server and the internet, it can function as a logging firewall and is really useful. This box can easily do the job with 32MB and 133MHz. Hard drive space is only necessary for logging. This is inexpensive and extremely effective. The expensive, better solution is to set up a PIX.

If the web server is Unix/Linux, just set up a software IP firewall (e.g. iptables=Linux, ipfilter=SunOS, etc.).

Hope this helps,
Fernando Pando

-----Original Message-----
From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com] On Behalf Of Marek
Sent: Thursday, October 18, 2001 7:27 AM
To: security-discuss@linuxsecurity.com
Subject: Nmap

Hi Colleagues

A friend of mine asked me to port scan his NT IIS web box with my Linux box to see the results. I used nmap -v -sS -O x.x.x.x. I noticed that there were "hundreds" of ports in the open state. What should I tell him is the reason? Yeah, I know he should be using Apache. :-)

Cheers
Marek

------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
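Steps 7 and 8 above, written out as a rule set for a 2.4 kernel with iptables. This is an added example, not code from Fernando's post or from the list; the interface names (eth0 public, eth1 crossover), the public address 203.0.113.10, and the admin network allowed to ssh in are assumptions. Two things the step list leaves implicit are included because the setup does not work without them: IP forwarding must be switched on, and the FORWARD chain (not just PREROUTING) has to admit the DNATed tcp/80 traffic and its replies. The web server also needs 10.0.0.1 as its default gateway so the return packets come back through the Linux box. Outbound drops in INPUT and FORWARD are logged, which is what makes the box the "logging firewall" the post describes.

```shell
#!/bin/sh
# Added example for the two-interface Linux bastion described in the post.
# Not from the original message. All addresses/interfaces are assumptions.

EXT_IF="${EXT_IF:-eth0}"                  # public side, takes the web server's old IP
INT_IF="${INT_IF:-eth1}"                  # crossover cable to the web server
EXT_IP="${EXT_IP:-203.0.113.10}"          # assumed public IP (documentation range)
WEB_IP="${WEB_IP:-10.0.0.2}"              # re-addressed IIS box on the private link
ADMIN_NET="${ADMIN_NET:-198.51.100.0/24}" # assumed network allowed to ssh in

# Emit the policy as iptables commands (2.4 kernel, iptables 1.2 syntax).
# Printing instead of applying lets the rules be reviewed without root.
build_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXT_IF -p tcp -s $ADMIN_NET --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "bastion-in-drop: "
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport 80 -j DNAT --to-destination $WEB_IP:80
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $WEB_IP --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "bastion-fwd-drop: "
EOF
}

# Apply for real: needs root. Without ip_forward=1 the DNATed packets
# are rewritten but never delivered to the web server.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_rules | sh -e
}

# Self-check: list every destination port the rule set admits for NEW
# connections arriving on the public interface. The post's claim is that
# a scan of the box should show exactly tcp/22 and tcp/80.
exposed_ports() {
    build_rules \
        | grep -E "^iptables -A (INPUT|FORWARD) -i $EXT_IF .*--dport" \
        | sed -n 's/.*--dport \([0-9]*\).*/\1/p' \
        | sort -n | tr '\n' ' '
}

case "${1:-show}" in
    apply) apply_rules ;;
    ports) exposed_ports; echo ;;
    *)     build_rules ;;
esac
```

Run it with no arguments to print the rules, `ports` to see the externally reachable ports, and `apply` as root on the bastion. The PREROUTING DNAT alone is not enough; the FORWARD rule and ip_forward are what let the rewritten packet reach 10.0.0.2, and the ESTABLISHED,RELATED rule in the other direction is what lets the server's replies out.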