Re: Shields Up reports one open port through iptables



bob.python@xxxxxxxxx wrote:
> My IP address is sitting directly on the Internet with no firewall
> (that I can tell) other than my iptables and I have the following rules
> in iptables:
>
> /sbin/iptables -F
> /sbin/iptables -P INPUT DROP
> /sbin/iptables -P FORWARD DROP
> /sbin/iptables -P OUTPUT ACCEPT
> /sbin/iptables -A INPUT -i lo -j ACCEPT
> /sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
>
> Shields Up, https://www.grc.com/x/ne.dll?bh0bkyd2, reports that my port
> 1 is closed and all other ports are "stealth".

Port *1*? That's quite odd...

Try telnet <your_ip> 1 from a different machine, or using the "real"
IP (i.e., the IP assigned, and not 127.0.0.1 or localhost -- that
way, the packet will not come in through the loopback interface)

See if it immediately tells you "Connection refused", or if it
just freezes there waiting for the connection to be accepted (if
the former, the port is closed, as Shields Up reports -- from the
above iptables ruleset, it should freeze).

Also check iptables -L to list the *actual* rules (maybe another
iptables command was executed, or maybe the above is inaccurate?)

I just had Shields Up scan my machine, and it reports it as full
stealth (my machine has a slightly less strict ruleset than the
above -- I accept ESTABLISHED *and* RELATED, and I also accept
FORWARD traffic if it comes from the interface that connects to
the internal LAN; but from the point of view of what Shields Up
might report, my ruleset is essentially the same as the one you
posted)

If all checks out, you might want to write to the Shields Up guy
and report the possible bug in their system. (you might want to
try the scan again -- it might have been a temporary failure)

Carlos
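
The telnet check described in the message above, written as a script (an added example, not part of the original post). It tells an immediate "Connection refused" apart from a connection attempt that just hangs; the function names and the 5-second timeout are assumptions made for this example.

```python
import errno
import socket
import sys

def classify(err):
    """Map a connect_ex() result to the states named in the thread."""
    if err == 0:
        return "open"        # handshake completed: something is listening
    if err == errno.ECONNREFUSED:
        return "closed"      # an RST came back at once: "Connection refused"
    if err in (errno.EAGAIN, errno.EWOULDBLOCK, errno.ETIMEDOUT, errno.EINPROGRESS):
        return "stealth"     # no answer before the timeout: the SYN was dropped
    return "error: " + errno.errorcode.get(err, str(err))

def probe(host, port, timeout=5.0):
    """Attempt one TCP connect to host:port and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            return classify(s.connect_ex((host, port)))
        except socket.timeout:
            return "stealth"

if __name__ == "__main__":
    # Usage: script.py <your_ip> [port]
    # Run it from a different machine, or against the assigned IP rather than
    # 127.0.0.1, so the packet does not arrive on the loopback interface
    # (which the ruleset above accepts).
    if len(sys.argv) < 2:
        sys.exit("usage: %s <your_ip> [port]" % sys.argv[0])
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 1
    print("port %d on %s: %s" % (target_port, target, probe(target, target_port)))
```

With a default-DROP INPUT policy the expected result is "stealth" after the timeout; "closed" means a reset is reaching the client from somewhere.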