nmap shows port filtered, but iptables/ipchains not running


Post by Jeff Krimme » Mon, 28 Jun 2004 09:24:33



Greetings all,

I ran an nmap of a machine that I am trying to make an NFS server, and the
results showed that the machine's "priv-term-1", "sunrpc", "nfs" and a
bunch of "X11" ports are all filtered. The odd thing is that this
machine's ipchains service is turned off (and, regardless, all of the
chains are empty).

How else can ports be filtered in Linux, if the iptables/ipchains service
is not running?

Thanks,

Jeff

--
Add an underscore between 'd' and 's' and remove the first three
letters of the alphabet for email.

 
 
 


Post by Michael Heimin » Mon, 28 Jun 2004 22:14:04




> Greetings all,
> I ran an nmap of a machine that I am trying to make an NFS server, and the
> results showed that the machine's "priv-term-1", "sunrpc", "nfs" and a
> bunch of "X11" ports are all filtered. The odd thing is that this

You could try using 'rpcinfo/showmount' (man rpcinfo), which is
suited for this task.

> machine's ipchains service is turned off (and, regardless, all of the
> chains are empty).
> How else can ports be filtered in Linux, if the iptables/ipchains service
> is not running?

Perhaps:

 man 5 hosts_access

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)


Post by Jeff Krimme » Tue, 29 Jun 2004 03:39:11





> suggested:
>> Greetings all,

>> I ran an nmap of a machine that I am trying to make an NFS server, and the
>> results showed that the machine's "priv-term-1", "sunrpc", "nfs" and a
>> bunch of "X11" ports are all filtered. The odd thing is that this

> You could try using 'rpcinfo/showmount' (man rpcinfo), which is suited
> for this task.

Both of these show an RPC error, even though the portmapper is running on
both machines.

>> machine's ipchains service is turned off (and, regardless, all of the
>> chains are empty).

>> How else can ports be filtered in Linux, if the iptables/ipchains
>> service is not running?

> Perhaps:

>  man 5 hosts_access

Thanks, and the /etc/hosts.allow and /etc/hosts.deny files are both set up
to allow the appropriate connections.

Any other ideas?

Jeff

--
Add an underscore between 'd' and 's' and remove the first three
letters of the alphabet for email.

 
 
 


Post by Michael Heimin » Tue, 29 Jun 2004 04:28:12






>> suggested:
[..]
>> You could try using 'rpcinfo/showmount' (man rpcinfo), which is suited
>> for this task.
> Both of these show an RPC error, even though the portmapper is running on
> both machines.

Would you mind showing us the exact error message (cut&paste),
what does happen if you try 'rpcinfo -p localhost' on the nfs
server?

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)


 
 
 

1. ipchains--why do localhost ports still show in nmap?

I tried to implement an ipchain set for my laptop.  It will access the
internet only through a dial up ppp0 connection.  It has only localhost
(127.0.0.1 or 0.0.0.0).  There is no network card.

I studied the recent rootprompt.org article on the topic and wound up
with three ports, 111 (sunrpc), 515 (lpd), 6000 (X) that always display
in nmap, even though the article says they will become invisible to
nmap.  Reading through the IPCHAINS HOWTO didn't turn them off either,
even if I tried some speculative DENY ALL chains.

I do want to run X-Windows and have print access on my laptop.  I'm not
sure what port 111 (sunrpc) is buying me.  So my question is 1) are
these ports dangerous to leave like this (Open) and 2) how do I finally
block them if I need to?

Thanks,
Jerome.
--
Jerome Mrozak          "Never buy a dog and bark for yourself"

                         (the Stainless Steel Rat)
