Mailinglist Archive: opensuse-security (575 mails)

ipchains and Portscan
Hello,

I have problems with my ipchains firewall.

When I run a portscan with nmapwin against my Linux box from the internet, it
shows me the following ports as open:

7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
18/tcp open msp
19/tcp open chargen
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
37/tcp open time
43/tcp open whois
53/tcp open domain
70/tcp open gopher
79/tcp open finger
80/tcp open http
81/tcp open hosts2-ns
88/tcp open kerberos-sec
109/tcp open pop-2
110/tcp open pop-3
113/tcp open auth
119/tcp open nntp
139/tcp open netbios-ssn
143/tcp open imap2
389/tcp open ldap
443/tcp open https
465/tcp open smtps
513/tcp open login
554/tcp open rtsp
563/tcp open snews
569/tcp open ms-rome
636/tcp open ldapssl
749/tcp open kerberos-adm
993/tcp open imaps
995/tcp open pop3s
1002/tcp open unknown
1494/tcp open citrix-ica
1720/tcp open H.323/Q.931
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-term-serv
5190/tcp open aol
5400/tcp open pcduo-old
6667/tcp open irc
7000/tcp open afs3-fileserver
7070/tcp open realserver
10000/tcp open snet-sensor-mgmt
12000/tcp open cce4x

The only services that are running to the outside are:

Sshd
Httpd
Ftpd

There are other services, but they are not reachable from outside:

Smtp
Imap
Squid
Webmin

The rest is definitely blocked by the firewall rules (only to outside
interface). The firewall log shows that the ports are blocked. I see the
portscan and I see that, for example, Port 25 is denied.

Weird: On port 10000 I've webmin running, only reachable from the inside. Why
does nmap show snet-sensor-mgmt ????

Why does nmapwin (and other port scanners) show that so many ports are in the
state OPEN???

By the way, when I start nmap locally on the firewall, it shows the
correct ports open:

Sshd
Httpd
Ftpd
Smtp
Imap
Squid
webmin

Best regards

Volker