Re: possible problem with scp/ssh/telnet |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: possible problem with scp/ssh/telnet
- From: Ed Greshko <Ed.Greshko@xxxxxxxxxxx>
- Date: Sun, 12 Aug 2012 19:54:43 +0800
- Delivered-to: users@xxxxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <5027977C.5020606@thelounge.net>
- Reply-to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
On 08/12/2012 07:46 PM, Reindl Harald wrote:
>
> Am 12.08.2012 12:53, schrieb Ed Greshko:
>> On 08/12/2012 06:05 PM, Reindl Harald wrote:
>>> Am 12.08.2012 09:45, schrieb Ed Greshko:
>>>
>>>> That normally means that the port is open on the remote side (krazy being your cygwin host) but that the server is not running.
>>> wrong
>> You can't issue a blanket "wrong" and subsequently include what you've said is "wrong".
> sure becasue "connection refused" means nothing else than connection
> refused and that can be a outgoing firewall, firewall on the
> remote-side and any filter/networking component between the machines
>
> in most networks you see no difference in teh resposne between
> service not running or connection denied which is what "refused"
> means
>
>> You could say, "maybe" or "may be not" and then go on to say....
> no because "connection refused" does NOT "normally mean the port is open"
>
>>> this means that service is not running or a proper firewall configuration is active
>>> iptables can reject with "icmp-port-unreachable" and behaves exactly like that
>>> however, i drop packages since a DDOS where you do not want additional
>>> traffic with ICMP responses......
>> Since the system is a windows system that the OP indicated he hasn't changed,
>> I choose to believe him, coupled with the failure of "ssh localhost"
>> leads me to stand by my diagnosis
> yes but the "ssh localhost" came later
>
> while even this does not say anything in some setups
> i have a server where "telnet lcoalhost 445" leads to "connection
> refused" while SMB is reachable from the local network - the sense
> of this: prevent attacks to zero-day-exploits from php-scripts
> running on the webserver (even if there only trustable scripts)
>
> here are the ICMP answers you can define for each incoming and
> outgoing rule up to "network unreachable" only on a single port
> to destroy OS fingerprinting:
> http://www.linuxtopia.org/Linux_Firewall_iptables/x4550.html
>
Whatever you say....
I look forward to your helping the OP to resolve his problem.
--
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -- Rick Cook, The Wizardry Compiled
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Older Fedora Users]
[Fedora Announce]
[Fedora Package Announce]
[EPEL Announce]
[Fedora News]
[Fedora Cloud]
[Fedora Advisory Board]
[Fedora Education]
[Fedora Security]
[Fedora Scitech]
[Fedora Robotics]
[Fedora Maintainers]
[Fedora Infrastructure]
[Fedora Websites]
[Anaconda Devel]
[Fedora Devel Java]
[Fedora Legacy]
[Fedora Desktop]
[Fedora Fonts]
[ATA RAID]
[Fedora Marketing]
[Fedora Management Tools]
[Fedora Mentors]
[SSH]
[Find Someone Special]
[Fedora Package Review]
[Fedora R Devel]
[Fedora PHP Devel]
[Kickstart]
[Fedora Music]
[Fedora Packaging]
[Centos]
[Fedora SELinux]
[Fedora Legal]
[Fedora Kernel]
[Fedora QA]
[Fedora Triage]
[Fedora OCaml]
[Coolkey]
[Virtualization Tools]
[ET Management Tools]
[Yum Users]
[Tux]
[Yosemite News]
[Yosemite Photos]
[Linux Apps]
[Maemo Users]
[Gnome Users]
[KDE Users]
[Fedora Tools]
[Fedora Art]
[Fedora Docs]
[Maemo Users]
[Asterisk PBX]
[Fedora Sparc]
[Fedora Universal Network Connector]
[Libvirt Users]
[Fedora ARM]
