Re: IPChains leak for UDP!?
From: Justin Nelson (bugtraq@jm4n.com)
Date: 10/31/01
- Previous message: R Dicaire: "Re: changing root account name"
- In reply to: Sanjeev B.S.: "IPChains leak for UDP!?"
- Next in thread: Sebastian Ip: "Re: IPChains leak for UDP!?"
Message-Id: <200110311838.f9VIcGl03014@localhost.localdomain>
From: Justin Nelson <bugtraq@jm4n.com>
To: focus-linux@securityfocus.com
Subject: Re: IPChains leak for UDP!?
Date: Wed, 31 Oct 2001 13:38:16 -0500
Hello,
> Q2) I tried blocking UDP ports 137-139 specifically right in the
> beginning, and nmap shows that those ports are open! And when I block
> all UDP, nmap doesn't show any such message. (nmap was run from the
> localhost itself.)
I don't use PortSentry myself, but on one installation I saw,
PortSentry had set up a cron to flush any ipchains rules every hour.
This was on a RH 6.2 box with RackSpace, so it's possible some other
preinstalled tool had set this up...
The comments in the crontab mentioned flushing the rules so that
PortSentry could do its job without ipchains getting in its way.
I would double check and do an 'ipchains -L' to make sure the rules
are in fact still in place...
Also -- run your nmap from an outside box rather than on the same
machine...
- Justin
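The check suggested in the message above, as an added example that is not part of the original post: a shell function that scans crontab-format text for entries that run `ipchains -F`, which would remove block rules on a schedule. The sample crontab is constructed, and the function names `find_flush_jobs` and `sample_crontab` are hypothetical.

```shell
#!/bin/sh
# Added example: report cron entries that flush ipchains rules.
# Reads crontab-format text on stdin and prints "<schedule> => <rest of line>"
# for each hit. In system crontabs the rest of the line starts with the user field.
find_flush_jobs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*[A-Za-z_]+[ \t]*=/ { next }    # VAR=value environment lines
        {
            start = 6
            sched = $1 " " $2 " " $3 " " $4 " " $5
            if ($1 ~ /^@/) { start = 2; sched = $1 }   # @hourly style schedule
            if (NF < start) next
            cmd = ""; has_tool = 0; has_flush = 0
            for (i = start; i <= NF; i++) {
                cmd = cmd (i > start ? " " : "") $i
                tok = $i
                gsub(/[;&|]+$/, "", tok)       # drop trailing shell separators
                if (tok ~ "(^|/)ipchains$") has_tool = 1
                # Only count -F when it follows an ipchains invocation.
                if (has_tool && tok == "-F") has_flush = 1
            }
            if (has_flush) print sched " => " cmd
        }'
}

# Constructed sample input, not taken from the original message.
sample_crontab() {
    cat <<'EOF'
# constructed sample crontab
SHELL=/bin/sh
01 * * * * root run-parts /etc/cron.hourly
# flush rules so PortSentry can do its job
0 * * * * root /sbin/ipchains -F
30 2 * * * root /sbin/ipchains -L -n > /var/log/rules.txt
@hourly /sbin/ipchains -F input; /sbin/ipchains -L
EOF
}

sample_crontab | find_flush_jobs
```

On a live system, feed it `/etc/crontab`, the files under `/etc/cron.d` and the output of `crontab -l` for root. Scripts started through `run-parts` are not covered by this text match and need a separate look.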