
Re: [cobalt-users] [RaQ3i] hosts.deny



"H.P. Stroebel" <hpstr@xxxxxxxxxxxxx> writes:

> > It does if I want to block hackers from portscanning me and searching for
> > weak points.  I don't have it listening on my httpd port either if that's
> > what you meant to say?

> Yes. Of course, you can let it LISTEN on port 80 without any blocking
> actions (at least I think), but that would not make much sense.

No, you can't. When you attach (listen) to a socket, you also disallow
any other program to connect to that socket.

This means that if you listen to port 80, you can't start Apache (at
least if you set Apache to listen to port 80, which is the standard).

However you can do some "tricks", by using the same techniques as in
tcpdump for retrieving all packets on the NIC. From there you could
filter and find the packets for port 80, and intercept them - so that
both your program and Apache could get them. This is however not the
method used by a program like PortSentry.


-- 
Jens Kristian Søgaard, Mermaid Consulting I/S,
jens@xxxxxxxxxxxxxxxxxxxx,
http://www.mermaidconsulting.com/
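
The port-ownership point in the message above, as an added example (not part of the original post and not PortSentry's code): a decoy listener that tries to take a port a real service already holds gets EADDRINUSE, so it has to skip that port. The function names and the loopback address are assumptions made for this sketch.

```python
import errno
import socket

HOST = "127.0.0.1"  # loopback only; assumption for this demo

def try_listen(port, host=HOST):
    """Bind and listen on host:port. Return the socket, or None if another
    socket already owns the port (EADDRINUSE)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(5)
        return s
    except OSError as e:
        s.close()
        if e.errno == errno.EADDRINUSE:
            return None
        raise

def claim_decoy_ports(ports, host=HOST):
    """Try to open a decoy listener on each port. Ports that a real service
    already holds are reported as skipped instead of failing the whole run."""
    claimed, skipped = {}, []
    for port in ports:
        s = try_listen(port, host)
        if s is None:
            skipped.append(port)
        else:
            claimed[port] = s
    return claimed, skipped

def demo():
    # Stand-in for the web server: port 0 lets the kernel pick a free port.
    service = try_listen(0)
    service_port = service.getsockname()[1]
    # Find a second, currently unused port (constructed test value).
    probe = try_listen(0)
    free_port = probe.getsockname()[1]
    probe.close()
    claimed, skipped = claim_decoy_ports([service_port, free_port])
    result = (skipped == [service_port], sorted(claimed) == [free_port])
    for s in claimed.values():
        s.close()
    service.close()
    return result

if __name__ == "__main__":
    print(demo())
```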