Is there any way to hide a port?

Hello Experts,

I want to ask about ports and states.

When I use nmap or any port scanner I can see the state of the ports: whether the port is open, closed, filtered or unfiltered.

Now the question: on my server, can I hide a port from any port scan? That means if the port receives a packet from any IP other than my IP it will show as closed, but if it receives a connection from my IP it will show as open.
Is there any way to do this? Or if not, is there any way to hide the port from any crackers who want to check my ports?
Thanks in advance
CFIL Asked:

hbustan Commented:
Yes, there are many ways.

Answer: Firewalls

You can use a personal software firewall such as Microsoft's own firewall (comes with your operating system free of charge) to make these settings or you can use a hardware Firewall device as well such as Checkpoint or Cisco PIX.

In all cases, firewalls allow you to open ports for specific IP addresses and close them for the rest. I believe this is what you are looking for.
0
franked_it Commented:
I'm guessing that you're running a Linux computer.  In that case, iptables is a firewall built into most Linux distributions since it's part of the kernel base.  The basic principle of firewalls is that you set up a list of rules.  When a packet comes in, it starts at the top of the list, and if the packet matches a rule, that rule's action is executed.  So in simple terms, what you want is to add 2 rules to any existing rules:
1 - If the packet is from xx.xx.xx.xx and port = xx ACCEPT
2 - If the packet's port = xx DROP/REJECT

You'll want to look at your Linux distribution's documentation for how to configure the built-in firewall.  Many have GUI tools to help you configure the rules.

If you let us know which Linux distribution and version you're using, I'm sure we can provide links to documentation to set you on the quickest path.
0
CFIL Author Commented:
Mr hbustan, thank you for your comment. I am using Linux.

Mr franked_it,

Your comment is what I am looking for, but can you tell me, does that mean that in iptables I can write a rule that shows the port as closed to all the world, but when I try to connect to that port I will find it open?
And if yes, can I do that for all the ports I have, from 1 - 65535, but allow just 80 and 21 for users? Is that possible and useful to protect my server?
0
CFIL Author Commented:
I am using Fedora 8
0
franked_it Commented:
Yes, you can do most anything you want. Certainly, what you are asking for is in the realm of possibility and even ease.  Blocking all ports is certainly useful for protecting your server.  You do have to be careful, though, because you may block yourself from being able to use certain applications.

I'm assuming you want port 21 open for FTP.  This protocol, for example, uses 21 for "control" traffic, but traditionally uses port 20 for actual file transfers.

If this Linux server is to participate in Active Directory for authentication, participate in NFS, provide Windows/Samba file shares, etc, you'll have to open the required ports back up.

The way I usually approach creating firewall rules if I'm designing them myself is create them 1 by 1 and apply them.  Test to make sure it behaves as expected, and doesn't break the core functionality.

There are some tools built into Fedora 8 that should make this easier, and even allow you to avoid writing IP tables rules (They are not super easy to learn...)

See the following link for an overview of the tool:
http://fedoraproject.org/wiki/Releases/8/ReleaseSummary#head-ac864614dcc02108b0d4bf3cdd6749c043b5414a

Do you have the GUI installed and running?  This is usually referred to as the X-server, X11, or Gnome.  If so, then you should have the tool in your Administration menu.  I don't have Fedora installed, although I'm tempted to try it tomorrow...If I get some time to install it, I'll try and provide more detailed info on how to use system-config-firewall, but it should be pretty well documented in the tool itself.
0
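The two rules franked_it describes, extended to CFIL's follow-up (everything closed except 80 and 21), written out as an added example that is not from any poster in the thread. The trusted address 203.0.113.10 and the hidden port 2222 are constructed placeholders; the function only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; nothing is applied.
# 203.0.113.10 (trusted admin IP) and port 2222 are constructed placeholders.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# gen_ruleset TRUSTED_IP HIDDEN_PORT
# Rules are matched top to bottom, so the ACCEPT for the trusted source
# must come before the catch-all REJECT.
gen_ruleset() {
    valid_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host already accepted or opened.
# (Passive-mode FTP data connections need the FTP conntrack helper to be RELATED.)
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Public services: HTTP and the FTP control channel.
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
# Rule 1: the hidden port is open only to the trusted source address.
-A INPUT -s $1 -p tcp --dport $2 -j ACCEPT
# Rule 2, generalised: every other TCP port answers with a RST, which a
# scanner reports as "closed" (a silent DROP would show as "filtered").
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

gen_ruleset 203.0.113.10 2222
```

As root, piping the output to `iptables-restore --test` parses the ruleset without committing it.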

CFIL Author Commented:
Thank you very much for your useful comment. Now I am interested in iptables in Linux. I will try to read about this subject because it's very important for protecting any server and network.
0
CFIL Author Commented:
Thank you Mr franked_it,

Regarding iptables rules, is it possible for an attacker to spoof my IP to get around the rules and connect to a particular port?

Thank you.
CFIL
0
franked_it Commented:
Yes, an "attacker" would be able to spoof the IP address and bypass the rules.  The rules should be written in a way that the "attacker" would have to be on your network first, then spoof the correct IP address; it wouldn't work for a computer on the Internet, for example.

In the case of your original question, you'd have your own computer on the network with the "trusted" IP address. This means if someone spoofed your IP, you'd start to have really weird behavior on your own computer.  You would notice immediately that your computer was not able to hold a connection to anything anywhere as the "attacker" and your computer would constantly be updating the ARP tables on all network devices.  You may be able to log ARP table changes in a business-level router, or on your Fedora box.  If you start to see ARP table changes for your IP address, then you know some other device is spoofing your IP.

You might also be able to hard map your IP to your MAC address on your Fedora box by adding a static ARP entry.  The firewall may actually be able to filter for a specific MAC address as well.

Now...an attacker can also spoof both the IP and the MAC depending on the network card...Same issue will arise, you'll have really spotty network connectivity as the network devices will constantly switch which network port to send the packets destined for your MAC address.

If it was me, I'd just use the IP address and figure that if someone spoofed it, I'd notice and be able to trace it pretty easily.
0
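The check franked_it suggests (watching for ARP table changes on the trusted IP), sketched as an added example that is not part of the original thread. It assumes neighbour-table snapshots have been logged as "epoch ip mac" lines; the log format, addresses, window and threshold are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Input: one "epoch ip mac" line per neighbour-table entry per
# snapshot (for instance collected periodically from `ip neigh show`).
# All addresses below are constructed sample values.

# detect_arp_flapping WATCHED_IP WINDOW_SECONDS MIN_CHANGES  (reads stdin)
# One isolated MAC change can be a replaced NIC; repeated changes inside a
# short window are the back-and-forth between two hosts claiming one IP.
detect_arp_flapping() {
    awk -v ip="$1" -v win="$2" -v need="$3" '
        $2 == ip {
            mac = tolower($3)
            if (last != "" && mac != last) {
                times[++n] = $1
                # Count the changes that fall inside the sliding window.
                recent = 0
                for (i = n; i >= 1 && $1 - times[i] <= win; i--) recent++
                if (recent >= need)
                    printf "%s %s %d MAC changes within %ss, last %s -> %s\n",
                           $1, ip, recent, win, last, mac
            }
            last = mac
        }'
}

# Constructed snapshots: 192.0.2.10 alternates between two MACs,
# while 192.0.2.1 stays stable.
sample_snapshots() {
    cat <<'EOF'
1700000000 192.0.2.10 02:00:00:aa:aa:01
1700000000 192.0.2.1 02:00:00:cc:cc:03
1700000030 192.0.2.10 02:00:00:bb:bb:02
1700000060 192.0.2.10 02:00:00:AA:AA:01
1700000090 192.0.2.10 02:00:00:bb:bb:02
1700000090 192.0.2.1 02:00:00:cc:cc:03
EOF
}

sample_snapshots | detect_arp_flapping 192.0.2.10 120 3
```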
CFIL Author Commented:
Very good comment, thank you Mr franked_it.
Now I have lots of ideas for how I could try to connect to my port via my IP, and also how I could try to make my own server more secure.

I am sorry for all the questions. Do you have any books that are good at explaining more about iptables, writing rules and securing it?

Thank you,
CFIL
0
franked_it Commented:
I can't say I'm aware of any books.  I've used mostly the man pages and other online documentation.  Try this out for example:
http://iptables-tutorial.frozentux.net/other/iptables.html
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Here's one with a sample scenario:
http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
0