On Saturday 22 November 2003 15:33, Jorge Almeida wrote:
> I have in my home box an iptables firewall configured via shorewall with
> the "standalone machine" standard configuration (no services whatsoever to
> the outside world). Just for good measure, I tried portscanning from a
> computer at work: (my dynamic IP number edited)
> $ nmap -vv <IP number>
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> (The 1597 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 6/tcp      filtered    unknown
> 25/tcp     filtered    smtp
> 80/tcp     open        http
> 135/tcp    filtered    loc-srv
> The scanning from the home box itself gives a more reassuring outcome:
>
> $ nmap -vv localhost
> Interesting ports on localhost (127.0.0.1):
> (The 1621 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 6000/tcp   open        X11
> 10000/tcp  open        snet-sensor-mgmt
> Now, why should nmap at the remote machine report that port 80 is open? I
> assume that this happens because nmap is not supposed to be used when the
> target has a firewall. Can I be right? And, if so, how can I check whether
> the firewall is really working as expected?

You are right not to question ports 6, 25, and 135; they will be some sort of
firewall/router in your path home.
Port 80 will almost certainly be open because someone along the line is
trapping port 80 traffic, probably to send it off to a proxy. I do this myself
on my home network, and have seen that same behaviour with an ISP I was on.

--
Mike Williams
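The comparison discussed in this thread, as an added example that is not part of either poster's message: it parses the two quoted nmap 3.00 port tables and flags ports that look open from outside although nothing on the host listens on them. The function names are hypothetical, the sample tables are constructed from the quoted output, and it assumes the localhost scan reflects every listener on the box.

```python
import re

# Constructed sample input: the port tables from the two scans quoted above,
# in the nmap 3.00 plain-text layout.
REMOTE_SCAN = """\
Port       State       Service
6/tcp      filtered    unknown
25/tcp     filtered    smtp
80/tcp     open        http
135/tcp    filtered    loc-srv
"""
LOCAL_SCAN = """\
Port       State       Service
6000/tcp   open        X11
10000/tcp  open        snet-sensor-mgmt
"""

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return {(port, proto): state} for each row of an nmap port table."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and banner lines do not match and are skipped
            table[(int(m.group(1)), m.group(2))] = m.group(3)
    return table

def compare(remote_text, local_text):
    """Classify each port seen from outside against what listens locally."""
    remote, local = parse_ports(remote_text), parse_ports(local_text)
    listening = {k for k, state in local.items() if state == "open"}
    report = {}
    for key, state in sorted(remote.items()):
        if state == "filtered":
            report[key] = "no reply: filtered on the host or on the path"
        elif state != "open":
            report[key] = state
        elif key in listening:
            report[key] = "reachable service on this host"
        else:
            # No local listener, so the SYN/ACK the remote scanner saw came
            # from a device in the path (for example an intercepting proxy).
            report[key] = "answered upstream, not by this host"
    # Local listeners that the outside scan did not report as open.
    hidden = sorted(listening - {k for k, s in remote.items() if s == "open"})
    return report, hidden

if __name__ == "__main__":
    print(compare(REMOTE_SCAN, LOCAL_SCAN))
```

A service bound only to the external address would not appear in a localhost scan, so confirm the listener list on the host itself before trusting the "answered upstream" verdict.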
