Saturday, October 27, 2007

Re: Port 80 Open

On Sat, Oct 27, 2007 at 06:15:31PM -0600, Telly Williams wrote:
...
> > > eh, not quite stealth
> >
> What do you mean by that? Ansgar said the same thing. Now I'm
> feeling like a dummy.

that's simply not 'stealth' mode, as soon as you connect to an IP the normal
way (eg http://...) , the other side knows your IP and can map your side -
that's what grc.com did.

> >
> > > > requests). Some of my ports (i.e., 25 and 443) are coming up as
> > > > closed. Why are these ports showing up as closed at all?
> > >
> > > why should they be open? are you providing SMTP and HTTPS to the outside?
> >
> No, but I now understand what you're saying.

...
> -A INPUT -i eth1 -p tcp -j tcp_packets
...
> -A allowed -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A allowed -p tcp -j DROP
...
> -A tcp_packets -p tcp -m tcp --dport 80 -j allowed
> -A tcp_packets -p tcp -m tcp --dport 443 -m comment --comment "HTTPS" -j allowed
...

well, you're expliciting exposing all those ports via the chain
INPUT->*_packets->allowed, assuming eth1 is on internet side


HTH - 'night
--
paolo


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

No comments:

Post a Comment