16 Oct 2000, 07:11
Hi
Probably asked a few times on this list but don't shoot me. I have the SuSEfirewall up and running and closed everything FW_SERVICES_EXTERNAL_TCP & UDP = "" and also INCOMING_HIGHPORTS_TCP & UDP = "". A portscan (nmap) however reveals that all the UDP ports are open! Is this a risk or not and how are these closed with the help of the script?
This is probably a false nmap report because you're 'deny'ing all UDP packets to your hosts, i.e. you're dropping them on the floor silently. Since nmap doesn't receive an ICMP message telling it that there's no service listening at the destination port, it assumes that there is one there. In contrast to nmap's assessment, you're safe, you've closed all the UDP ports.

HTH
Tobias
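Added example, not part of the original thread: a loopback-only Python sketch of the inference described in the reply, showing that a UDP port whose probes vanish silently cannot be told apart from one with a quiet listener, while an unused port with no filtering answers with ICMP port unreachable. The function names, the one-byte probe and the state labels (which follow current nmap terminology) are assumptions of this example; the silent socket stands in for a firewall that drops packets.

```python
import socket

def classify_udp_port(host, port, timeout=1.0, retries=2):
    """Classify a UDP port from the only evidence a scanner has: what comes back."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # A connected UDP socket lets the kernel report ICMP errors to us.
        s.connect((host, port))
        for _ in range(retries):
            try:
                s.send(b"\x00")
                s.recv(1024)
                return "open"          # a service answered the probe
            except ConnectionRefusedError:
                return "closed"        # ICMP port unreachable came back
            except socket.timeout:
                continue               # silence: retry before giving up
        return "open|filtered"         # no reply and no ICMP error
    finally:
        s.close()

def demo():
    # Constructed loopback cases; no external hosts are contacted.
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))      # swallows probes, never answers
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    unused_port = tmp.getsockname()[1]
    tmp.close()                        # nothing listens here any more
    try:
        return {
            "silent": classify_udp_port("127.0.0.1", silent.getsockname()[1], 0.3),
            "unused": classify_udp_port("127.0.0.1", unused_port, 0.3),
        }
    finally:
        silent.close()

if __name__ == "__main__":
    print(demo())
```

To confirm a drop policy on your own host, check the firewall's packet counters or logs rather than relying on the scan result alone.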