Clarify the statement "nmap says I still have a ton of ports open" first
off...
What kind of scan are you running with nmap? Are you aware that some scans
identify a port as "open" upon a LACK of response from the host? Are you
sure you aren't getting false positives?
-----Original Message-----
From: André Bell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 12, 2000 1:00 AM
To: [EMAIL PROTECTED]
Subject: Stumped - ports still open...
Ok, so now I know to close these unnecessary ports. Problem now is nmap
says I still have a ton of ports open, but when I type '/sbin/ipchains -L
-n' ipchains shows many of these very same ports set to deny as I set up.
Why do the ports still show up as open in nmap when ipchains indicates they
should be otherwise? How do I REALLY close these ports? I already
commented out absolutely everything in inetd.conf with exception to the
authentication line and then rebooted. Nothing else in inetd.conf is
without a leading '#' sign. Still several services like finger, telnet, and
others show as open to nmap -- and yes I can actually run telnet despite
commenting it out :(
What else should I look for that will make sure these ports are closed?
Thanks!
Andre
+++++++
If it will help, here is one set of rules for my firewall and also the
complete listing of which ports nmap shows as open:
A)
# pmfirewall.rules.2 - used by pmfirewall package
#
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 80 -j ACCEPT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 113 -j REJECT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 119 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1045 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1080 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1524 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 2000 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 2005 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 3128 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 5742 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6000 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6667 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 20034 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 40421 -j DENY
B)
Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Interesting ports on xxxxxxxxxx
Port    State   Protocol  Service
1       open    tcp       tcpmux
11      open    tcp       systat
15      open    tcp       netstat
25      open    tcp       smtp
79      open    tcp       finger
80      open    tcp       http
111     open    tcp       sunrpc
113     open    tcp       auth
119     open    tcp       nntp
143     open    tcp       imap2
515     open    tcp       printer
540     open    tcp       uucp
635     open    tcp       unknown
1080    open    tcp       socks
1524    open    tcp       ingreslock
2000    open    tcp       callbook
2005    open    tcp       deslogin
3128    open    tcp       squid-http
6667    open    tcp       irc
12345   open    tcp       NetBus
12346   open    tcp       NetBus
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
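
Added example (not part of the original thread and not pmfirewall code): a way to test the reply's false-positive question by grouping each port the scan reported open under the ipchains target that covers it. RULES and SCAN are excerpts copied from the post; the function names and the HINTS wording are assumptions made for this example.

```python
import re

# Excerpts copied from the rules (A) and nmap listing (B) in the post above.
RULES = """\
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 80 -j ACCEPT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 113 -j REJECT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 119 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1080 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6667 -j DENY
"""
SCAN = """\
25 open tcp smtp
79 open tcp finger
80 open tcp http
113 open tcp auth
119 open tcp nntp
1080 open tcp socks
6667 open tcp irc
12345 open tcp NetBus
"""
RULE_RE = re.compile(r"-A input -p tcp .*-d \S+ (\d+) -j (\w+)")
SCAN_RE = re.compile(r"^(\d+)\s+open\s+tcp\s+\S+", re.M)

# What each outcome suggests checking (editorial wording, not nmap output).
HINTS = {
    "DENY": "dropped silently: 'open' may only mean no reply came back",
    "REJECT": "refused by the filter: confirm the scan source matches the rule",
    "ACCEPT": "allowed through the filter by design",
    "NO-RULE": "not covered by this rule set: look for a listening service",
}

def parse_rules(text):
    """Map port -> target; the first rule for a port wins, as in the chain."""
    rules = {}
    for port, target in RULE_RE.findall(text):
        rules.setdefault(int(port), target)
    return rules

def triage(rules_text, scan_text):
    """Group every port the scan reported open by the rule that covers it."""
    rules = parse_rules(rules_text)
    groups = {}
    for port in SCAN_RE.findall(scan_text):
        groups.setdefault(rules.get(int(port), "NO-RULE"), []).append(int(port))
    return groups

if __name__ == "__main__":
    for target, ports in triage(RULES, SCAN).items():
        print(f"{target:8} {ports}: {HINTS[target]}")
```

Ports in the NO-RULE group (finger and smtp among them) are the ones this rule set does not cover, so they are where a listener started outside inetd.conf would show up.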