Re: possible problem with scp/ssh/telnet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On 08/12/2012 07:46 PM, Reindl Harald wrote:
>
> Am 12.08.2012 12:53, schrieb Ed Greshko:
>> On 08/12/2012 06:05 PM, Reindl Harald wrote:
>>> Am 12.08.2012 09:45, schrieb Ed Greshko:
>>>
>>>> That normally means that the port is open on the remote side (krazy being your cygwin host) but that the server is not running.
>>> wrong
>> You can't issue a blanket "wrong" and subsequently include what you've said is "wrong". 
> sure becasue "connection refused" means nothing else than connection
> refused and that can be a outgoing firewall, firewall on the
> remote-side and any filter/networking component between the machines
>
> in most networks you see no difference in teh resposne between
> service not running or connection denied which is what "refused"
> means
>
>> You could say, "maybe" or "may be not" and then go on to say....
> no because "connection refused" does NOT "normally mean the port is open"
>
>>> this means that service is not running or a proper firewall configuration is active
>>> iptables can reject with "icmp-port-unreachable" and behaves exactly like that
>>> however, i drop packages since a DDOS where you do not want additional
>>> traffic with ICMP responses......
>> Since the system is a windows system that the OP indicated he hasn't changed, 
>> I choose to believe him, coupled with the failure of "ssh localhost" 
>> leads me to stand by my diagnosis
> yes but the "ssh localhost" came later
>
> while even this does not say anything in some setups
> i have a server where "telnet lcoalhost 445" leads to "connection
> refused" while SMB is reachable from the local network - the sense
> of this: prevent attacks to zero-day-exploits from php-scripts
> running on the webserver (even if there only trustable scripts)
>
> here are the ICMP answers you can define for each incoming and
> outgoing rule up to "network unreachable" only on a single port
> to destroy OS fingerprinting:
> http://www.linuxtopia.org/Linux_Firewall_iptables/x4550.html
>

Whatever you say....

I look forward to your helping the OP to resolve his problem. 

-- 
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -- Rick Cook, The Wizardry Compiled

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



Photo 4 Less

[Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Find Someone Special]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

Add to Google Powered by Linux