[WBEL-users] More on iptables
Ed
ekg@tricity.wsu.edu
Fri, 06 Aug 2004 16:33:23 -0700
Ed Morrison wrote:
> Hey everyone,
>
> I have changed my iptables to what I have pasted below. The policy is
> set to drop all packets except for what I explicitly allow. Yet, when I
> run nmap against this box I am showing all these ports as open (see
> below). Shouldn't they show as closed? Where am I going wrong?
You're doing everything fine. It's just that the nmap arguments are
confused: -sO is IP protocol scan (which is why your "tcp" port is open
:-), I think you want -O for OS identification, and -sT for tcp
connect() scan, and then again -sU for udp scan. FYI, firewalled udp
ports appear open, because udp only sends a response if the port is
closed. Are you as confused as I am now? Hooray! :-)
No Problem,
Ed
>
>
> Thanks,
>
> Ed
>
>
> Iptables:
>
> [root@heresy sysconfig]# iptables -L -v
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 DROP all -- any any 24.20.253.108 anywhere
> 0 0 DROP all -- any any 69.145.105.154 anywhere
> 0 0 DROP all -- any any 4.11.196.79 anywhere
> 0 0 DROP all -- any any 80.202.20.7 anywhere
> 0 0 DROP all -- any any 137.164.158.14 anywhere
> 0 0 DROP all -- any any 201.129.85.142 anywhere
> 0 0 DROP all -- any any 24.19.7.146 anywhere
> 0 0 DROP all -- any any 66.44.140.103 anywhere
> 0 0 DROP all -- any any 12.205.157.201 anywhere
> 0 0 DROP all -- any any 201.129.85.95 anywhere
> 0 0 DROP all -- any any 219.103.193.130 anywhere
> 0 0 DROP all -- any any 130.120.81.14 anywhere
> 0 0 DROP all -- any any 207.3.145.251 anywhere
> 0 0 DROP all -- any any 131.234.66.101 anywhere
> 0 0 DROP all -- any any 12.109.164.254 anywhere
> 0 0 DROP all -- any any 12.109.164.25 anywhere
> 0 0 DROP all -- any any 219.120.54.178 anywhere
> 0 0 DROP all -- any any 219.120.54.1 anywhere
> 0 0 DROP all -- any any 201.129.85.221 anywhere
> 0 0 DROP all -- any any 69.145.104.154 anywhere
> 0 0 DROP all -- any any 208.19.107.78 anywhere
> 0 0 DROP all -- any any 210.92.210.67 anywhere
> 0 0 DROP all -- any any 219.120.54.178 anywhere
> 0 0 DROP all -- any any 62.3.209.74 anywhere
> 0 0 DROP all -- any any 62.3.209.74 anywhere
> 0 0 DROP all -- any any 202.141.1.28 anywhere
> 0 0 DROP all -- any any 216.97.110.1 anywhere
> 0 0 DROP all -- any any 203.123.11.21 anywhere
> 0 0 DROP all -- any any 211.252.6.194 anywhere
> 0 0 DROP all -- any any 61.187.92.210 anywhere
> 0 0 DROP all -- any any 61.187.94.210 anywhere
> 0 0 DROP all -- any any 195.247.24.11 anywhere
> 0 0 DROP all -- any any 24.119.57.93 anywhere
> 0 0 DROP all -- any any 220.99.76.139 anywhere
> 0 0 DROP all -- any any 66.78.26.26 anywhere
> 170 18765 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
> 2698 159K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
> 0 0 ACCEPT all -- any any heresy.northcentralcounties.org anywhere
> 2184 322K DROP all -- eth0 any anywhere anywhere
>
>
>
> nmap scan:
>
> [root@mx1 sysconfig]# nmap -sO 207.13.247.19
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting protocols on heresy.northcentralcounties.org (207.13.247.19):
> Protocol State Name
> 1 open icmp
> 2 open igmp
> 3 open ggp
> 4 open ip
> 5 open st
> 6 open tcp
> 7 open cbt
> 8 open egp
> 9 open igp
> 10 open bbn-rcc-mon
> 11 open nvp-ii
> 12 open pup
> 13 open argus
> 14 open emcon
> 15 open xnet
> 16 open chaos
> 17 open udp
> 18 open mux
> 19 open dcn-meas
> 20 open hmp
> 21 open prm
> 22 open xns-idp
> 23 open trunk-1
> 24 open trunk-2
> 25 open leaf-1
> 26 open leaf-2
> 27 open rdp
> 28 open irtp
> 29 open iso-tp4
> 30 open netblt
> 31 open mfe-nsp
> 32 open merit-inp
> 33 open sep
> 34 open 3pc
> 35 open idpr
> 36 open xtp
> 37 open ddp
> 38 open idpr-cmtp
> 39 open tp++
> 40 open il
> 41 open ipv6
> 42 open sdrp
> 43 open ipv6-route
> 44 open ipv6-frag
> 45 open idrp
> 46 open rsvp
> 47 open gre
> 48 open mhrp
> 49 open bna
> 50 open esp
> 51 open ah
> 52 open i-nlsp
> 53 open swipe
> 54 open narp
> 55 open mobile
> 56 open tlsp
> 57 open skip
> 58 open ipv6-icmp
> 59 open ipv6-nonxt
> 60 open ipv6-opts
> 61 open unknown
> 62 open cftp
> 63 open unknown
> 64 open sat-expak
> 65 open kryptolan
> 66 open rvd
> 67 open ippc
> 68 open unknown
> 69 open sat-mon
> 70 open visa
> 71 open ipcv
> 72 open cpnx
> 73 open cphb
> 74 open wsn
> 75 open pvp
> 76 open br-sat-mon
> 77 open sun-nd
> 78 open wb-mon
> 79 open wb-expak
> 80 open iso-ip
> 81 open vmtp
> 82 open secure-vmtp
> 83 open vines
> 84 open ttp
> 85 open nsfnet-igp
> 86 open dgp
> 87 open tcf
> 88 open eigrp
> 89 open ospfigp
> 90 open sprite-rpc
> 91 open larp
> 92 open mtp
> 93 open ax.25
> 94 open ipip
> 95 open micp
> 96 open scc-SP
> 97 open etherip
> 98 open encap
> 99 open unknown
> 100 open gmtp
> 101 open ifmp
> 102 open pnni
> 103 open pim
> 104 open aris
> 105 open scps
> 106 open qnx
> 107 open a/n
> 108 open ipcomp
> 109 open snp
> 110 open compaq-peer
> 111 open ipx-in-ip
> 112 open vrrp
> 113 open pgm
> 114 open unknown
> 115 open l2tp
> 116 open ddx
> 117 open iatp
> 118 open stp
> 119 open srp
> 120 open uti
> 121 open smp
> 122 open sm
> 123 open ptp
> 124 open isis-over-ipv4
> 125 open fire
> 126 open crtp
> 127 open crudp
> 128 open sscopmce
> 129 open iplt
> 130 open sps
> 131 open pipe
> 132 open sctp
> 133 open fc
> 134 open unknown
> 135 open unknown
> 136 open unknown
> 137 open unknown
> 138 open unknown
> 139 open unknown
> 140 open unknown
> 141 open unknown
> 142 open unknown
> 143 open unknown
> 144 open unknown
> 145 open unknown
> 146 open unknown
> 147 open unknown
> 148 open unknown
> 149 open unknown
> 150 open unknown
> 151 open unknown
> 152 open unknown
> 153 open unknown
> 154 open unknown
> 155 open unknown
> 156 open unknown
> 157 open unknown
> 158 open unknown
> 159 open unknown
> 160 open unknown
> 161 open unknown
> 162 open unknown
> 163 open unknown
> 164 open unknown
> 165 open unknown
> 166 open unknown
> 167 open unknown
> 168 open unknown
> 169 open unknown
> 170 open unknown
> 171 open unknown
> 172 open unknown
> 173 open unknown
> 174 open unknown
> 175 open unknown
> 176 open unknown
> 177 open unknown
> 178 open unknown
> 179 open unknown
> 180 open unknown
> 181 open unknown
> 182 open unknown
> 183 open unknown
> 184 open unknown
> 185 open unknown
> 186 open unknown
> 187 open unknown
> 188 open unknown
> 189 open unknown
> 190 open unknown
> 191 open unknown
> 192 open unknown
> 193 open unknown
> 194 open unknown
> 195 open unknown
> 196 open unknown
> 197 open unknown
> 198 open unknown
> 199 open unknown
> 200 open unknown
> 201 open unknown
> 202 open unknown
> 203 open unknown
> 204 open unknown
> 205 open unknown
> 206 open unknown
> 207 open unknown
> 208 open unknown
> 209 open unknown
> 210 open unknown
> 211 open unknown
> 212 open unknown
> 213 open unknown
> 214 open unknown
> 215 open unknown
> 216 open unknown
> 217 open unknown
> 218 open unknown
> 219 open unknown
> 220 open unknown
> 221 open unknown
> 222 open unknown
> 223 open unknown
> 224 open unknown
> 225 open unknown
> 226 open unknown
> 227 open unknown
> 228 open unknown
> 229 open unknown
> 230 open unknown
> 231 open unknown
> 232 open unknown
> 233 open unknown
> 234 open unknown
> 235 open unknown
> 236 open unknown
> 237 open unknown
> 238 open unknown
> 239 open unknown
> 240 open unknown
> 241 open unknown
> 242 open unknown
> 243 open unknown
> 244 open unknown
> 245 open unknown
> 246 open unknown
> 247 open unknown
> 248 open unknown
> 249 open unknown
> 250 open unknown
> 251 open unknown
> 252 open unknown
> 253 open unknown
> 254 open unknown
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 202 seconds
>
> _______________________________________________
> Whitebox-users mailing list
> Whitebox-users@beau.org
> http://beau.org/mailman/listinfo/whitebox-users
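The check Ed's reply implies, as an added example rather than anything posted in the thread: parse `iptables -L -v` output (a constructed subset of the quoted ruleset, wrapped columns rejoined), compute the verdict a packet would get, and map that verdict to what a -sT or -sU probe reports. The scan states use current nmap vocabulary; the nmap 3.00 output quoted above prints a bare "open" where newer versions print "open|filtered" for a probe that got no answer. The REJECT case and the two-entry service-name map are assumptions not taken from the thread.

```python
import re

# Constructed sample in the layout of the thread's `iptables -L -v` output
# (wrapped columns rejoined, only a handful of the quoted rules kept).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in   out source          destination
    0     0 DROP   all  --  any  any 24.20.253.108   anywhere
  170 18765 ACCEPT tcp  --  any  any anywhere        anywhere    tcp dpt:http
 2698  159K ACCEPT tcp  --  any  any anywhere        anywhere    tcp dpt:ssh
    0     0 ACCEPT all  --  any  any heresy.northcentralcounties.org anywhere
 2184  322K DROP   all  --  eth0 any anywhere        anywhere
"""
SERVICE_PORTS = {"http": 80, "ssh": 22}  # -L without -n prints names; extend as needed


def parse_chains(text):
    """Return {chain: {"policy": str, "rules": [dict, ...]}} from -L -v output."""
    chains, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\w+)", line)
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "rules": []}
            continue
        cols = line.split()
        if cur is None or len(cols) < 9 or cols[0] == "pkts":
            continue  # blank line or column header
        _pkts, _bytes, target, proto, _opt, iface, _out, src, _dst = cols[:9]
        m = re.search(r"dpt:(\S+)", " ".join(cols[9:]))  # match extension, if any
        dport = int(SERVICE_PORTS.get(m.group(1), m.group(1))) if m else None
        cur["rules"].append({"target": target, "proto": proto, "in": iface,
                             "src": src, "dport": dport})
    return chains


def verdict(chain, proto, dport, src="anywhere", iface="eth0"):
    """First matching rule wins; the chain policy applies when none matches."""
    for r in chain["rules"]:
        if (r["proto"] in ("all", proto) and r["in"] in ("any", iface)
                and r["src"] in ("anywhere", src) and r["dport"] in (None, dport)):
            return r["target"]
    return chain["policy"]


def scan_state(target, proto, listening):
    """What a TCP connect (-sT) or UDP (-sU) probe sees for a given verdict.
    Assumes a listening UDP service stays silent on an empty probe."""
    if target == "ACCEPT":
        if proto == "tcp":
            return "open" if listening else "closed"        # SYN/ACK vs RST
        return "open|filtered" if listening else "closed"   # silence vs ICMP unreachable
    if target == "REJECT":
        return "closed"                                     # RST / ICMP sent back
    return "filtered" if proto == "tcp" else "open|filtered"  # DROP: nothing comes back
```

Running `scan_state(verdict(chain, "udp", 53, "1.2.3.4"), "udp", False)` on the sample gives "open|filtered": the DROP policy silences the ICMP port-unreachable that would otherwise mark the port closed, which is exactly why a dropped UDP port "appears open".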