He used the TCP connect and TCP SYN scan options. I've also tried XMAS, NULL, and FIN scans, but they resulted in a few false positives.
I'm using iptables as a simple packet filter only. My default rule is to reject all INPUTs. I open up a few services below 1024 and most ports over 1024. If Nessus reports the filtered ports as open, I would expect it to report many more ports. The tech's report was dead accurate, only showing the 6 ports that are filtered and had services running.

Thanks,
Sherwin

--- Michel Arboi <[EMAIL PROTECTED]> wrote:
> sherwin Lu <[EMAIL PROTECTED]> writes:
>
> > A tech ran a Nessus scan against my Linux machine
> > that is protected by iptables. His scan reported all
> > the ports that should have been filtered as open.
>
> What scan did he use? NULL scan, XMAS, FIN and FINSYN are likely to
> report filtered ports as "open".
>
> > 2. How does Nessus get past iptables?
>
> It probably does not, unless you did not use the
> stateful filtering options.

=====
Best Regards,
Sherwin Lu
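The exchange above turns on one inference rule: a scanner only sees what the target sends back, and for NULL, FIN and XMAS probes an open port and a silently dropped packet both produce nothing. The following is an added model of that inference, written for this page and not code from Nessus, Nmap or the thread's authors. It assumes RFC 793 stack behaviour (closed ports answer with RST, listening ports discard segments that carry none of SYN, RST or ACK), that iptables REJECT sends an ICMP port-unreachable by default and a RST only with --reject-with tcp-reset, and it uses Nmap's "open|filtered" wording for the ambiguous case; a scanner that does not make that distinction prints it as "open", which is the false positive Michel describes. Connection tracking is left out: a stateful rule that drops INVALID packets simply puts flag-trick probes into the DROP row.

```python
# Model of how a port scanner infers port state from a target's reply,
# and why NULL/FIN/XMAS probes cannot separate "open" from "dropped".
# Constructed example for this page; not scanner or firewall code.
from enum import Enum


class Probe(Enum):
    SYN = "SYN"     # TCP connect and TCP SYN scans both open with a SYN
    NULL = "NULL"   # no TCP flags set
    FIN = "FIN"     # FIN only
    XMAS = "XMAS"   # FIN, PSH and URG set


class Port(Enum):
    LISTENING = "service listening, packet reaches the TCP stack"
    CLOSED = "no service, packet reaches the TCP stack"
    DROP = "iptables -j DROP: packet silently discarded"
    REJECT_ICMP = "iptables -j REJECT (default): ICMP port unreachable"
    REJECT_RST = "iptables -j REJECT --reject-with tcp-reset: RST sent"


def target_response(probe: Probe, port: Port):
    """What the target sends back for one probe, or None for silence."""
    if port is Port.DROP:
        return None
    if port is Port.REJECT_ICMP:
        return "icmp-unreachable"
    if port is Port.REJECT_RST or port is Port.CLOSED:
        return "rst"   # RFC 793: a closed port answers any segment with RST
    # Listening port: a SYN gets SYN/ACK; a segment with none of SYN, RST
    # or ACK is discarded without reply, so NULL/FIN/XMAS get nothing.
    return "syn-ack" if probe is Probe.SYN else None


def scanner_verdict(probe: Probe, response) -> str:
    """The state a scanner can honestly infer from the response."""
    if probe is Probe.SYN:
        return {"syn-ack": "open", "rst": "closed",
                "icmp-unreachable": "filtered", None: "filtered"}[response]
    # Flag-trick probes: silence means either a listening port or a DROP.
    return {"rst": "closed", "icmp-unreachable": "filtered",
            None: "open|filtered"}[response]


def verdict_for(probe: Probe, port: Port) -> str:
    return scanner_verdict(probe, target_response(probe, port))


def false_open_states(probe: Probe):
    """Non-listening port states a scanner would misreport if it
    collapses 'open|filtered' into plain 'open'."""
    return [p for p in Port
            if p is not Port.LISTENING and verdict_for(probe, p).startswith("open")]


if __name__ == "__main__":
    for probe in Probe:
        print(probe.name)
        for port in Port:
            print(f"  {port.name:12s} -> {verdict_for(probe, port)}")
        print("  misreported as open:",
              [p.name for p in false_open_states(probe)])
```

Running it prints the verdict matrix: with a SYN probe a DROP rule comes out as "filtered", while with FIN, NULL or XMAS the same rule comes out as "open|filtered", and only REJECT with tcp-reset makes the filtered port look "closed" to a flag-trick scan. That is why the SYN and connect scans in the thread were accurate and the XMAS/NULL/FIN scans were not.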
