possible problem with scp/ssh/telnet

Reindl Harald h.reindl at thelounge.net
Sun Aug 12 11:46:04 UTC 2012



On 12.08.2012 12:53, Ed Greshko wrote:
> On 08/12/2012 06:05 PM, Reindl Harald wrote:
>>
>> On 12.08.2012 09:45, Ed Greshko wrote:
>>
>>> That normally means that the port is open on the remote side (krazy being your cygwin host) but that the server is not running.
>> wrong
> 
> You can't issue a blanket "wrong" and subsequently include what you've said is "wrong". 

sure because "connection refused" means nothing else than connection
refused and that can be an outgoing firewall, firewall on the
remote-side and any filter/networking component between the machines

in most networks you see no difference in the response between
service not running or connection denied which is what "refused"
means

> You could say, "maybe" or "may be not" and then go on to say....

no because "connection refused" does NOT "normally mean the port is open"

>> this means that service is not running or a proper firewall configuration is active
>> iptables can reject with "icmp-port-unreachable" and behaves exactly like that
>> however, i drop packages since a DDOS where you do not want additional
>> traffic with ICMP responses......
> 
> Since the system is a windows system that the OP indicated he hasn't changed, 
> I choose to believe him, coupled with the failure of "ssh localhost" 
> leads me to stand by my diagnosis

yes but the "ssh localhost" came later

while even this does not say anything in some setups
i have a server where "telnet localhost 445" leads to "connection
refused" while SMB is reachable from the local network - the sense
of this: prevent attacks to zero-day-exploits from php-scripts
running on the webserver (even if there are only trustable scripts)

here are the ICMP answers you can define for each incoming and
outgoing rule up to "network unreachable" only on a single port
to destroy OS fingerprinting:
http://www.linuxtopia.org/Linux_Firewall_iptables/x4550.html
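
An added illustration, not part of the original message: a small Python probe that shows what a client can and cannot conclude from the result of a single TCP connect. The errno mapping assumes a Linux client; the names `probe`, `demo` and `INTERPRETATION` are made up for this example, and the demo only touches the loopback interface.

```python
import errno
import socket

# What each connect() outcome allows you to conclude (Linux client assumed).
INTERPRETATION = {
    0: "open: something completed the TCP handshake",
    errno.ECONNREFUSED: ("refused: TCP RST from a closed port, or a firewall "
                         "REJECT (tcp-reset / icmp-port-unreachable); the "
                         "client cannot tell these apart"),
    errno.ETIMEDOUT: "no answer: packets dropped by a filter, or host down",
    errno.EHOSTUNREACH: "ICMP host-unreachable from a router or a REJECT rule",
    errno.ENETUNREACH: "ICMP net-unreachable, or no local route",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return (errno name, interpretation)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        code = 0
    except socket.timeout:          # our own timeout: nothing came back
        code = errno.ETIMEDOUT
    except OSError as e:            # error reported by the kernel
        code = e.errno
    finally:
        s.close()
    name = "OK" if code == 0 else errno.errorcode.get(code, str(code))
    return name, INTERPRETATION.get(code, "other error")


def demo():
    """Loopback-only demo: probe a listening port, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # ephemeral port, constructed for the demo
    listener.listen(1)
    port = listener.getsockname()[1]
    with_service = probe("127.0.0.1", port)
    listener.close()                    # service gone, nothing filtering
    without_service = probe("127.0.0.1", port)
    return with_service, without_service


if __name__ == "__main__":
    for name, meaning in demo():
        print(f"{name:14} {meaning}")
```

The second probe returns ECONNREFUSED because nothing is listening; a host with the service running behind a rule that rejects with icmp-port-unreachable would give the same result to the client.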
