[WBEL-users] More on iptables
Ed Morrison
emorrison@ncen.org
Fri, 6 Aug 2004 17:07:45 -0700
Thanks Ed. I re-ran the scans ....correctly and all is well! Thanks
again.
Ed
> -----Original Message-----
> From: whitebox-users-admin@beau.org [mailto:whitebox-users-admin@beau.org]
> On Behalf Of Ed
> Sent: Friday, August 06, 2004 4:33 PM
> To: Ed Morrison
> Cc: whitebox-users@beau.org
> Subject: Re: [WBEL-users] More on iptables
>
> Ed Morrison wrote:
> > Hey everyone,
> >
> > I have changed my iptables to what I have pasted below. The policy is
> > set to drop all packets except for what I explicitly allow. Yet, when I
> > run nmap against this box I am showing all these ports as open (see
> > below). Shouldn't they show as closed? Where am I going wrong?
>
> You're doing everything fine. It's just the nmap arguments are
> confused: -sO is IP protocol scan (which is why your "tcp" port is open
> :-), I think you want -O for os identification, and -sT for tcp
> connect() scan, and then again -sU for udp scan. FYI, firewalled udp
> ports appear open, because udp only sends a response if the port is
> closed. Are you as confused as I am now? Hooray! :-)
>
> No Problem,
>
> Ed
>
> >
> >
> > Thanks,
> >
> > Ed
> >
> >
> > Iptables:
> >
> > [root@heresy sysconfig]# iptables -L -v
> > Chain INPUT (policy DROP 0 packets, 0 bytes)
> > pkts bytes target prot opt in out source destination
> > 0 0 DROP all -- any any 24.20.253.108 anywhere
> > 0 0 DROP all -- any any 69.145.105.154 anywhere
> > 0 0 DROP all -- any any 4.11.196.79 anywhere
> > 0 0 DROP all -- any any 80.202.20.7 anywhere
> > 0 0 DROP all -- any any 137.164.158.14 anywhere
> > 0 0 DROP all -- any any 201.129.85.142 anywhere
> > 0 0 DROP all -- any any 24.19.7.146 anywhere
> > 0 0 DROP all -- any any 66.44.140.103 anywhere
> > 0 0 DROP all -- any any 12.205.157.201 anywhere
> > 0 0 DROP all -- any any 201.129.85.95 anywhere
> > 0 0 DROP all -- any any 219.103.193.130 anywhere
> > 0 0 DROP all -- any any 130.120.81.14 anywhere
> > 0 0 DROP all -- any any 207.3.145.251 anywhere
> > 0 0 DROP all -- any any 131.234.66.101 anywhere
> > 0 0 DROP all -- any any 12.109.164.254 anywhere
> > 0 0 DROP all -- any any 12.109.164.25 anywhere
> > 0 0 DROP all -- any any 219.120.54.178 anywhere
> > 0 0 DROP all -- any any 219.120.54.1 anywhere
> > 0 0 DROP all -- any any 201.129.85.221 anywhere
> > 0 0 DROP all -- any any 69.145.104.154 anywhere
> > 0 0 DROP all -- any any 208.19.107.78 anywhere
> > 0 0 DROP all -- any any 210.92.210.67 anywhere
> > 0 0 DROP all -- any any 219.120.54.178 anywhere
> > 0 0 DROP all -- any any 62.3.209.74 anywhere
> > 0 0 DROP all -- any any 62.3.209.74 anywhere
> > 0 0 DROP all -- any any 202.141.1.28 anywhere
> > 0 0 DROP all -- any any 216.97.110.1 anywhere
> > 0 0 DROP all -- any any 203.123.11.21 anywhere
> > 0 0 DROP all -- any any 211.252.6.194 anywhere
> > 0 0 DROP all -- any any 61.187.92.210 anywhere
> > 0 0 DROP all -- any any 61.187.94.210 anywhere
> > 0 0 DROP all -- any any 195.247.24.11 anywhere
> > 0 0 DROP all -- any any 24.119.57.93 anywhere
> > 0 0 DROP all -- any any 220.99.76.139 anywhere
> > 0 0 DROP all -- any any 66.78.26.26 anywhere
> > 170 18765 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
> > 2698 159K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
> > 0 0 ACCEPT all -- any any heresy.northcentralcounties.org anywhere
> > 2184 322K DROP all -- eth0 any anywhere anywhere
> >
> >
> >
> > nmap scan:
> >
> > [root@mx1 sysconfig]# nmap -sO 207.13.247.19
> >
> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> > Interesting protocols on heresy.northcentralcounties.org (207.13.247.19):
> > Protocol State Name
> > 1 open icmp
> > 2 open igmp
> > 3 open ggp
> > 4 open ip
> > 5 open st
> > 6 open tcp
> > 7 open cbt
> > 8 open egp
> > 9 open igp
> > 10 open bbn-rcc-mon
> > 11 open nvp-ii
> > 12 open pup
> > 13 open argus
> > 14 open emcon
> > 15 open xnet
> > 16 open chaos
> > 17 open udp
> > 18 open mux
> > 19 open dcn-meas
> > 20 open hmp
> > 21 open prm
> > 22 open xns-idp
> > 23 open trunk-1
> > 24 open trunk-2
> > 25 open leaf-1
> > 26 open leaf-2
> > 27 open rdp
> > 28 open irtp
> > 29 open iso-tp4
> > 30 open netblt
> > 31 open mfe-nsp
> > 32 open merit-inp
> > 33 open sep
> > 34 open 3pc
> > 35 open idpr
> > 36 open xtp
> > 37 open ddp
> > 38 open idpr-cmtp
> > 39 open tp++
> > 40 open il
> > 41 open ipv6
> > 42 open sdrp
> > 43 open ipv6-route
> > 44 open ipv6-frag
> > 45 open idrp
> > 46 open rsvp
> > 47 open gre
> > 48 open mhrp
> > 49 open bna
> > 50 open esp
> > 51 open ah
> > 52 open i-nlsp
> > 53 open swipe
> > 54 open narp
> > 55 open mobile
> > 56 open tlsp
> > 57 open skip
> > 58 open ipv6-icmp
> > 59 open ipv6-nonxt
> > 60 open ipv6-opts
> > 61 open unknown
> > 62 open cftp
> > 63 open unknown
> > 64 open sat-expak
> > 65 open kryptolan
> > 66 open rvd
> > 67 open ippc
> > 68 open unknown
> > 69 open sat-mon
> > 70 open visa
> > 71 open ipcv
> > 72 open cpnx
> > 73 open cphb
> > 74 open wsn
> > 75 open pvp
> > 76 open br-sat-mon
> > 77 open sun-nd
> > 78 open wb-mon
> > 79 open wb-expak
> > 80 open iso-ip
> > 81 open vmtp
> > 82 open secure-vmtp
> > 83 open vines
> > 84 open ttp
> > 85 open nsfnet-igp
> > 86 open dgp
> > 87 open tcf
> > 88 open eigrp
> > 89 open ospfigp
> > 90 open sprite-rpc
> > 91 open larp
> > 92 open mtp
> > 93 open ax.25
> > 94 open ipip
> > 95 open micp
> > 96 open scc-SP
> > 97 open etherip
> > 98 open encap
> > 99 open unknown
> > 100 open gmtp
> > 101 open ifmp
> > 102 open pnni
> > 103 open pim
> > 104 open aris
> > 105 open scps
> > 106 open qnx
> > 107 open a/n
> > 108 open ipcomp
> > 109 open snp
> > 110 open compaq-peer
> > 111 open ipx-in-ip
> > 112 open vrrp
> > 113 open pgm
> > 114 open unknown
> > 115 open l2tp
> > 116 open ddx
> > 117 open iatp
> > 118 open stp
> > 119 open srp
> > 120 open uti
> > 121 open smp
> > 122 open sm
> > 123 open ptp
> > 124 open isis-over-ipv4
> > 125 open fire
> > 126 open crtp
> > 127 open crudp
> > 128 open sscopmce
> > 129 open iplt
> > 130 open sps
> > 131 open pipe
> > 132 open sctp
> > 133 open fc
> > 134 open unknown
> > 135 open unknown
> > 136 open unknown
> > 137 open unknown
> > 138 open unknown
> > 139 open unknown
> > 140 open unknown
> > 141 open unknown
> > 142 open unknown
> > 143 open unknown
> > 144 open unknown
> > 145 open unknown
> > 146 open unknown
> > 147 open unknown
> > 148 open unknown
> > 149 open unknown
> > 150 open unknown
> > 151 open unknown
> > 152 open unknown
> > 153 open unknown
> > 154 open unknown
> > 155 open unknown
> > 156 open unknown
> > 157 open unknown
> > 158 open unknown
> > 159 open unknown
> > 160 open unknown
> > 161 open unknown
> > 162 open unknown
> > 163 open unknown
> > 164 open unknown
> > 165 open unknown
> > 166 open unknown
> > 167 open unknown
> > 168 open unknown
> > 169 open unknown
> > 170 open unknown
> > 171 open unknown
> > 172 open unknown
> > 173 open unknown
> > 174 open unknown
> > 175 open unknown
> > 176 open unknown
> > 177 open unknown
> > 178 open unknown
> > 179 open unknown
> > 180 open unknown
> > 181 open unknown
> > 182 open unknown
> > 183 open unknown
> > 184 open unknown
> > 185 open unknown
> > 186 open unknown
> > 187 open unknown
> > 188 open unknown
> > 189 open unknown
> > 190 open unknown
> > 191 open unknown
> > 192 open unknown
> > 193 open unknown
> > 194 open unknown
> > 195 open unknown
> > 196 open unknown
> > 197 open unknown
> > 198 open unknown
> > 199 open unknown
> > 200 open unknown
> > 201 open unknown
> > 202 open unknown
> > 203 open unknown
> > 204 open unknown
> > 205 open unknown
> > 206 open unknown
> > 207 open unknown
> > 208 open unknown
> > 209 open unknown
> > 210 open unknown
> > 211 open unknown
> > 212 open unknown
> > 213 open unknown
> > 214 open unknown
> > 215 open unknown
> > 216 open unknown
> > 217 open unknown
> > 218 open unknown
> > 219 open unknown
> > 220 open unknown
> > 221 open unknown
> > 222 open unknown
> > 223 open unknown
> > 224 open unknown
> > 225 open unknown
> > 226 open unknown
> > 227 open unknown
> > 228 open unknown
> > 229 open unknown
> > 230 open unknown
> > 231 open unknown
> > 232 open unknown
> > 233 open unknown
> > 234 open unknown
> > 235 open unknown
> > 236 open unknown
> > 237 open unknown
> > 238 open unknown
> > 239 open unknown
> > 240 open unknown
> > 241 open unknown
> > 242 open unknown
> > 243 open unknown
> > 244 open unknown
> > 245 open unknown
> > 246 open unknown
> > 247 open unknown
> > 248 open unknown
> > 249 open unknown
> > 250 open unknown
> > 251 open unknown
> > 252 open unknown
> > 253 open unknown
> > 254 open unknown
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 202 seconds
> >
> > _______________________________________________
> > Whitebox-users mailing list
> > Whitebox-users@beau.org
> > http://beau.org/mailman/listinfo/whitebox-users
>
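
Added example, not part of the original thread: a small model of why the default-DROP chain quoted above makes every protocol look "open" to -sO, while -sT gives the expected answer. The three rules are constructed from the tail of the quoted listing (per-source DROP rules and the self ACCEPT left out); the listening ports, the reply labels and the "legacy" switch (nmap 3.00 printing "open" where current nmap prints "open|filtered") are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    proto: str = "all"           # "all", "tcp", "udp", ...
    in_if: str = "any"
    dport: Optional[int] = None  # None = rule has no port match

# Constructed from the last rules of the quoted `iptables -L -v` output.
INPUT_CHAIN = [
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("DROP", in_if="eth0"),
]
POLICY = "DROP"

def verdict(proto, dport=None, in_if="eth0"):
    """First matching rule wins; fall through to the chain policy."""
    for r in INPUT_CHAIN:
        if r.proto not in ("all", proto):
            continue
        if r.in_if not in ("any", in_if):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.target
    return POLICY

def scanner_state(scan, reply, legacy=False):
    """How the scanner labels a probe, given what came back (None = silence)."""
    if scan == "sT":  # connect() scan: silence means something ate the SYN
        return {"syn-ack": "open", "rst": "closed", None: "filtered"}[reply]
    # -sO and -sU learn "closed" only from an ICMP error; silence is ambiguous.
    if reply is None:
        return "open" if legacy else "open|filtered"
    return "closed" if reply == "icmp-unreachable" else "open"

def predict(scan, proto, dport=None, listening=(22, 80), legacy=False):
    """Combine the firewall verdict with the host's reply and the scan type."""
    if verdict(proto, dport) == "DROP":
        reply = None                      # DROP sends nothing back
    elif proto == "tcp":
        reply = "syn-ack" if dport in listening else "rst"
    else:
        reply = "icmp-unreachable"        # accepted, but nothing handles it
    return scanner_state(scan, reply, legacy)
```

A REJECT target instead of DROP would send the ICMP error back, which is what lets -sO and -sU report "closed".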