RE: Firewalling
From: Dave Vehrs (davev@spiremedia.com)Date: 08/20/01
- Previous message: Steffen Dettmer: "Re: strange connection on port 111.. more question"
- In reply to: Rob 'Feztaa' Park: "Firewalling"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dave Vehrs" <davev@spiremedia.com> To: "'Rob 'Feztaa' Park'" <fezziker@home.com> Subject: RE: Firewalling Date: Mon, 20 Aug 2001 08:51:24 -0600 Message-ID: <007201c12987$9635b330$9701010a@spiremedia.com>
First, when you send traffic to yourself in Linux, it always uses the loop
back interface. To test this, add a rule to your firewall that denies all
traffic coming to your external interface and ip from the external ip (i.e.
ipchains -A INPUT -i eth0 -s <external_ip> -d <external_ip> -j DENY). Then
do the scan, and it will still get through. (Tested with 2.2 kernel,
assumed to be the same for 2.4).
Second, to correctly scan yourself, you will need to do it from an outside
source. Either find a web page that does reverse scans, do an ftp-bounce
scan or have a friend do it.
Third, read the nmap documentation (start with
http://www.nmap.org/nmap/nmap_doc.html and
http://www.nmap.org/nmap/nmap_manpage.html). This will explain how to use
NMAP and what the results mean. For example the reason that the FIN scan
reports that all ports are open is because you have the DROP rule in place.
During a FIN scan, open ports ignore the packet, and closed port will
respond with the correct RST packet. So your drop rule creates a situation
where all ports do not respond and thus appear to be open.
RTFM!
Dave V.
- Previous message: Steffen Dettmer: "Re: strange connection on port 111.. more question"
- In reply to: Rob 'Feztaa' Park: "Firewalling"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
