Maybe you're not running the test from outside?
Set up a dedicated host with an ISDN card - Internet connection and then try
again - be sure there is no network connection!
Kind regards
Bruno Leonhardt
CLP Domino R5 System Administrator
-----------
AnalyTek Systemhaus
Hospital Str. 2a
D-65589 Hadamar
Phone: 06433/81403-15
Fax: 06433/81403-40
Visit us on the Internet at: http://www.analytek.de
Volker Spies
27.11.02 10:58
To: suse-security@suse.com
Cc:
Subject: [suse-security] ipchains and Portscan
Hello,
I have problems with my ipchains firewall.
When I run a portscan with nmapwin against my Linux box from the Internet, it
shows me the following ports as open:
7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
18/tcp open msp
19/tcp open chargen
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
37/tcp open time
43/tcp open whois
53/tcp open domain
70/tcp open gopher
79/tcp open finger
80/tcp open http
81/tcp open hosts2-ns
88/tcp open kerberos-sec
109/tcp open pop-2
110/tcp open pop-3
113/tcp open auth
119/tcp open nntp
139/tcp open netbios-ssn
143/tcp open imap2
389/tcp open ldap
443/tcp open https
465/tcp open smtps
513/tcp open login
554/tcp open rtsp
563/tcp open snews
569/tcp open ms-rome
636/tcp open ldapssl
749/tcp open kerberos-adm
993/tcp open imaps
995/tcp open pop3s
1002/tcp open unknown
1494/tcp open citrix-ica
1720/tcp open H.323/Q.931
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-term-serv
5190/tcp open aol
5400/tcp open pcduo-old
6667/tcp open irc
7000/tcp open afs3-fileserver
7070/tcp open realserver
10000/tcp open snet-sensor-mgmt
12000/tcp open cce4x
The only services that are running to the outside:
Sshd
Httpd
Ftpd
There are other services, but they are not reachable from outside:
Smtp
Imap
Squid
Webmin
The rest is definitely blocked by the firewall rules (only to outside
interface). The firewall log shows that the ports are blocked. I see the
portscan and I see that, for example, Port 25 is denied.
Weird: On port 10000 I have webmin running, only reachable from the inside.
Why does nmap show snet-sensor-mgmt?
Why does nmapwin (and other port scanners) show that so many ports are in the
state OPEN?
By the way, when I start nmap locally on the firewall, it shows the
correct ports open:
Sshd
Httpd
Ftpd
Smtp
Imap
Squid
webmin
Best regards
Volker