Re: n00b ipf/ipnat questions

From: Giorgos Keramidas (keramida@ceid.upatras.gr)
Date: 02/12/03


Date: Wed, 12 Feb 2003 17:55:58 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Redmond Militante <r-militante@northwestern.edu>

On 2003-02-11 13:07, Redmond Militante <r-militante@northwestern.edu> wrote:
> yeah
> the reason i didn't think that portsentry would be causing this type
> of behavior is that i'm also running it on a couple of standalone
> workstations that i have firewalled with ipfilter, and when i nmap
> these machines, it doesn't show a variety of ports being open due to
> portsentry listening on them.

That depends on what the default policy of the firewall is.

If you use a ruleset that blocks all ports and allows only certain
incoming packets, portsentry won't ever get a chance of seeing the
blocked packets. This will not show anything to an nmap scan.

If, on the other hand, you use a ruleset that allows everything
through and only blocks certain ports or port-ranges, then portsentry
will receive a lot more packets than before. This will show up as a
huge list of open ports in an nmap scan.

> i'm not sure why nmap would show these ports that portsentry's
> listening on being open when behind a ipf/ipnat configuration...

I'm not sure what your exact setup is (I have missed the beginning of
this thread) so I can't answer this.

- Giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
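Added example, not part of the thread and not Giorgos's or the portsentry project's code: a small Python model of the point made above, that the firewall's default policy decides whether portsentry's decoy listeners are reachable at all, and therefore whether a scan reports them as open or just as filtered. The two ipf-style rulesets, the decoy port numbers and the tiny rule parser are all constructed assumptions; the parser handles only a teaching subset of ipf.conf syntax (inbound TCP rules with an optional `quick` and an optional `port = N`), not the real grammar.

```python
import re
from collections import Counter

# Subset of ipf.conf inbound TCP rule syntax handled by this model (assumption:
# a teaching subset, not a full ipf parser). Supported forms:
#   pass|block in [quick] all
#   pass|block in [quick] proto tcp from any to any [port = N]
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+in(?:\s+(?P<quick>quick))?"
    r"(?:\s+all|\s+proto\s+tcp\s+from\s+any\s+to\s+any"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?)$"
)

# Constructed rulesets for the two policies discussed in the thread.
DEFAULT_DENY = """
# only sshd is reachable from outside; everything else is dropped
pass in quick proto tcp from any to any port = 22
block in all
"""

DEFAULT_ALLOW = """
# everything is reachable except telnet
block in quick proto tcp from any to any port = 23
pass in all
"""

# Constructed port sets (not portsentry's actual configuration).
DECOY_PORTS = {1, 11, 15, 111, 143, 540, 1080, 1524, 2000, 12345, 31337}
LISTENING = {22} | DECOY_PORTS          # sshd plus the decoy listeners
SCAN_PORTS = sorted(set(range(1, 1025)) | DECOY_PORTS)


def parse_rules(text):
    """Parse the supported ipf subset into (action, quick, port) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        port = int(m["port"]) if m["port"] else None
        rules.append((m["action"], m["quick"] is not None, port))
    return rules


def packet_passes(rules, dport):
    """Apply ipf matching to one inbound TCP SYN aimed at port dport.

    ipf evaluates rules top to bottom and the *last* matching rule wins,
    unless a matching rule carries 'quick', which ends evaluation at once.
    A packet that matches no rule is passed.
    """
    decision = "pass"
    for action, quick, port in rules:
        if port is not None and port != dport:
            continue
        decision = action
        if quick:
            break
    return decision == "pass"


def scan_view(rules, listening, ports):
    """Classify each port the way a SYN scan would report it.

    blocked SYN              -> no reply -> 'filtered'
    passed SYN to a listener -> SYN/ACK  -> 'open'
    passed SYN to nothing    -> RST      -> 'closed'
    """
    view = {}
    for p in ports:
        if not packet_passes(rules, p):
            view[p] = "filtered"
        elif p in listening:
            view[p] = "open"
        else:
            view[p] = "closed"
    return view


def visible_open_ports(ruleset_text, listening=LISTENING, ports=SCAN_PORTS):
    """Ports an external scanner would report as open behind ruleset_text."""
    view = scan_view(parse_rules(ruleset_text), listening, ports)
    return sorted(p for p, state in view.items() if state == "open")


def state_counts(ruleset_text, listening=LISTENING, ports=SCAN_PORTS):
    """Number of scanned ports in each state, e.g. {'open': 1, 'filtered': 1028}."""
    view = scan_view(parse_rules(ruleset_text), listening, ports)
    return dict(Counter(view.values()))


if __name__ == "__main__":
    for name, text in (("default deny", DEFAULT_DENY), ("default allow", DEFAULT_ALLOW)):
        print(f"{name}: open={visible_open_ports(text)} counts={state_counts(text)}")
```

Under the default-deny ruleset only port 22 comes back as open and every decoy is simply filtered, which matches the quiet nmap result Redmond saw on his workstations; under the default-allow ruleset every decoy listener answers and shows up as open. The model deliberately leaves out state keeping, TCP flag matching and the outbound direction, so a real ipf.conf needs more than these four lines.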
