Internet security question

[Piru]

Lets say that using the "MiamiNetStat -a" command i find out that i have an unwanted open port. How do i close this port?

Disable the service(s) from the Network Database, Services page.

I know that i can log-out, enter the miami preferences and block out the IP, but how can i do it on-the-fly?

Blocking IPs is not smart. Better just disable all the unneeded services.

Also, how can i tell that someone is scanning my ports?

You can't.

[Piru]

@mr_a500

This will let you know if anyone attempts to use your HDs/storage mediums.

If someone is really probing things he'll use stealth scans (SYN, TCP null, FIN, Xmas). These will not show up.

[Piru]

This can be done without the need to log-out and redial?

Disable all the services except identd (auth). Click Save. Should work without redial.

and what if i need these services?

You don't. If you need something temporarily, enable it and click Use. If you need to set up FTP then you likely want to allow it for LAN ip ranges though.

I assume that there is no simple way to just close that port?

Disable the service. Click save.


[EDIT]Or was it: Close the window for 'use', select Save as default from menu to 'Save'? Been a while I used Miami...[/EDIT]

[Piru]

@mr_a500

No it means that they can tell if the port is open without Miami reporting about the scan. They can't browse anything with stealth scan.

To browse the files a real connection must be established, and this will show up.

[Piru]

@koaftder

He could always run snort on another machine, then he would see the scans...

Sure, but then he'd need to have the modem connected to that 2nd machine and redirect the internet connection to the miggy. A bit cumbersome, but sure, doable.