iptables / reject vs drop

From: Fritz Bayer (fritz-bayer_at_web.de)
Date: 10/26/04


Date: 26 Oct 2004 03:59:26 -0700

Hi,

I have set up some iptables rules in the INPUT chain for the interface
eth0 of our dedicated server.

Even though the target is DROP, scanning the host with nmap yields the
following result:

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
3306/tcp filtered mysql
4444/tcp filtered krb524
5432/tcp filtered postgres
6667/tcp filtered irc
8009/tcp filtered ajp13
8443/tcp open https-alt
10000/tcp filtered snet-sensor-mgmt

I know that the DROP target does not notify the sender of the TCP
packet. On my local host this also works.

What could be the reason that I get those "filtered" messages? Of
course I want the lines containing the "filtered" message to disappear.

Here are the iptables commands I issued:

debian:~# iptables -A INPUT -p tcp -i eth0 --dport 4444 -j DROP
debian:~# iptables -A INPUT -p tcp -i eth0 --dport 5432 -j DROP
debian:~# iptables -A INPUT -p tcp -i eth0 --dport 8009 -j DROP
debian:~# iptables -A INPUT -p tcp -i eth0 --dport 10000 -j DROP
debian:~# iptables -I INPUT -p tcp -i eth0 --dport 4444 -j LOG
debian:~# iptables -I INPUT -p tcp -i eth0 --dport 5432 -j LOG
debian:~# iptables -I INPUT -p tcp -i eth0 --dport 8009 -j LOG
debian:~# iptables -I INPUT -p tcp -i eth0 --dport 10000 -j LOG

Fritz
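Added example, not part of the post or written by its author: a small Python audit that parses the nmap output and the iptables rules quoted above and reconciles them. It shows why a DROP rule turns up as "filtered" (the SYN is discarded with no reply, so the probe times out) whereas `-j REJECT --reject-with tcp-reset` answers with a RST and is reported as "closed", and it flags filtered ports that this ruleset does not account for. The two inputs are constructed, abridged copies of the post's own data.

```python
import re
# Constructed, abridged copy of the nmap output quoted in the post.
NMAP_OUTPUT = """\
22/tcp open ssh
3306/tcp filtered mysql
4444/tcp filtered krb524
5432/tcp filtered postgres
6667/tcp filtered irc
8009/tcp filtered ajp13
10000/tcp filtered snet-sensor-mgmt
"""
# Constructed copy of the rules from the post; LOG is a non-terminating target.
IPTABLES_CMDS = """\
iptables -A INPUT -p tcp -i eth0 --dport 4444 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 5432 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 8009 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 10000 -j DROP
iptables -I INPUT -p tcp -i eth0 --dport 4444 -j LOG
"""
NMAP_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)\s+\S+")
RULE = re.compile(r"--dport\s+(\d+)\b.*-j\s+(DROP|REJECT|ACCEPT)\b")

def parse_nmap(text):
    """Map TCP port -> nmap state ('open', 'closed', 'filtered', ...)."""
    found = (NMAP_LINE.match(line.strip()) for line in text.splitlines())
    return {int(m.group(1)): m.group(2) for m in found if m}

def parse_rules(text):
    """Map --dport -> terminating target; LOG rules are skipped."""
    found = (RULE.search(line) for line in text.splitlines())
    return {int(m.group(1)): m.group(2) for m in found if m}

def reconcile(states, targets):
    """Explain each non-open port: DROP gives no reply, so nmap times out and
    reports 'filtered'; REJECT --reject-with tcp-reset sends a RST -> 'closed'."""
    report = {}
    for port, state in states.items():
        target = targets.get(port)
        if state == "open":
            continue
        if (state, target) == ("filtered", "DROP"):
            report[port] = "expected: local DROP rule"
        elif (state, target) == ("closed", "REJECT"):
            report[port] = "expected: local REJECT rule answered with a RST"
        elif state == "filtered":
            report[port] = "no local DROP rule for this port: filtered by something else"
        else:
            report[port] = f"check: state={state}, target={target}"
    return report
```

Run against the post's data, the audit confirms the four DROP rules and flags 3306 and 6667 as filtered without any rule in this list, so something other than these four rules is discarding those probes.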


