Re: sendmail punching thru firewall and unknown open ports?

From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 06/11/02

• Next message: ray: "active system attack"
• Previous message: Glen: "sendmail punching thru firewall and unknown open ports?"
• In reply to: Glen: "sendmail punching thru firewall and unknown open ports?"
• Next in thread: Glen: "Re: sendmail punching thru firewall and unknown open ports?"
• Reply: Glen: "Re: sendmail punching thru firewall and unknown open ports?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
Date: 11 Jun 2002 16:03:01 +0100

Glen <glcoates.spammers.burn.in.hell@optushome.com.au> writes:

> This is a plain nmap run on tycho (from tycho itself):
>
> (The 1546 ports scanned but not shown below are in state: closed)
> Port State Service
> 22/tcp open ssh
> 25/tcp open smtp
> 111/tcp open sunrpc
> 139/tcp open netbios-ssn
> 515/tcp open printer
> 683/tcp open unknown
> 768/tcp open unknown
> 10000/tcp open snet-sensor-mgmt
>
> Interestingly, the smtp port does not show up if I nmap tycho from
> another computer on the local network.

What does netstat say?

> Also, what are the services running on ports 683 and 768?

What does netstat (ok I'll be nice, netstat -plant) say?

> Here is the iptables config for tycho:
>
[snip]
> -A GLEN -i lo -j ACCEPT
> -A GLEN -i eth1 -j ACCEPT
> -A GLEN -i eth2 -j ACCEPT
> -A GLEN -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A GLEN -s 129.94.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
> -A GLEN -j DROP
> COMMIT
> # Completed on Wed Mar 6 15:44:49 2002

Look at what you're doing to eth1, eth2 on there. Are you sure that's right?

~Tim

-- 
Morning dawning /                           |piglet@stirfried.vegetable.org.uk
With life abounding                         |http://spodzone.org.uk/

---

• Next message: ray: "active system attack"
• Previous message: Glen: "sendmail punching thru firewall and unknown open ports?"
• In reply to: Glen: "sendmail punching thru firewall and unknown open ports?"
• Next in thread: Glen: "Re: sendmail punching thru firewall and unknown open ports?"
• Reply: Glen: "Re: sendmail punching thru firewall and unknown open ports?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: IP Telephony pen-test and VLANs ... Interesting ports on x.x.x.x: ... PORT STATE SERVICE VERSION ... 445/tcp open microsoft-ds Microsoft Windows 2000 microsoft-ds ... Download FREE whitepaper on how a managed service can ... (Pen-Test) strange logs ... It appears someone is trying to mess with my server. ... Interesting ports on adsl-69-209-152-51.dsl.sfldmi.ameritech.net ... PORT STATE SERVICE ... 139/tcp filtered netbios-ssn ... (Security-Basics) Re: [SLE] Printing in different Subnets ... the tests on the local subnet, ... Interesting ports on 192.168.0.153: ... PORT STATE SERVICE ... Furthermore you must set up the network interfaces in the network ... (SuSE) [SLE] nmap showing cups/nfs open to outside. ... I did an nmap scan on my computer itself on thee ways and realized ... that both the cups and nfs services are in fact listening on the ... Interesting ports on localhost: ... PORT STATE SERVICE ... (SuSE) *BSD Telnetd ... compromises that have used the new telnetd code. ... at work we went from three tcp/23 scans ... Interesting ports on www.bitch.org: ... Port State Service ... (Incidents)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2002-06