Mailinglist Archive: opensuse (4343 mails)

Re: [SLE] iptables
  • From: jaakko tamminen <jaakko.tamminen@xxxxxxxxxx>
  • Date: Sat, 2 Nov 2002 19:23:06 +0200
  • Message-id: <200211021923.06764.jaakko.tamminen@xxxxxxxxxx>
Hi

> 213.66.14.220 - - [02/Nov/2002:16:46:13 +0100] "GET /scripts/root.exe?
> /c+dir HTTP/1.0" 404 270

Someone is trying to see if they can creep in through your web-server...

> And so forth...
> Is there a way to block them automagically, or do i have to do it "by
> hand"?

From http://freshmeat.net you could find some clever scripts that can do it.

> Also: I nmap my gateway:
> server:~ # nmap -sT 213.66.182.24

Did you do it from "outside" or from the gateway/LAN? The result is
different.

> Starting nmap V. 2.53 by fyodor@xxxxxxxxxxxx ( www.insecure.org/nmap/ )
> Interesting ports on qux.foo.bar (xxx.yyy.zzz.qqq):
> (The 1515 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 80/tcp open http
> 111/tcp open sunrpc
> 139/tcp open netbios-ssn
> 631/tcp open unknown
> 1009/tcp open unknown
> 1025/tcp open listen
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
>
> I run iptables and try to block 111,139,631,1009 and 1025
> iptables -A INPUT -p tcp --destination-port 111 -i eth0 -j DROP
> but it is still open if i check again. Why?

Have a look in /etc/inetd.conf; some of the services might be there, and come
before the firewall in the incoming queue.

Jaska.
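
Added example, not part of the original message and not one of the freshmeat scripts it mentions: a sketch of the automatic blocking asked about above, which scans an Apache common-format access log for the `/scripts/root.exe` probe quoted in the thread and prints (does not run) one `iptables` DROP rule per offending IPv4 source. The function names, the threshold and every sample log line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
# Probe signature taken from the log line quoted in the thread.
PROBE_RE = re.compile(r'^GET\s+/scripts/root\.exe\b', re.IGNORECASE)

# First line is the one from the thread (re-joined); the rest are constructed.
SAMPLE_LOG = """\
213.66.14.220 - - [02/Nov/2002:16:46:13 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270
213.66.14.220 - - [02/Nov/2002:16:46:15 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270
192.0.2.10 - - [02/Nov/2002:16:47:01 +0100] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [02/Nov/2002:16:48:30 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270
this line is not in common log format
scanner.example.net - - [02/Nov/2002:16:50:00 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270
"""

def probing_hosts(lines, threshold=1):
    """Return sorted IPv4 sources with at least `threshold` probe requests."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.match(m.group("request")):
            continue
        try:
            addr = ipaddress.IPv4Address(m.group("host"))
        except ValueError:
            # Hostnames (reverse DNS is set by the remote side) and junk
            # never reach the firewall command line.
            continue
        hits[str(addr)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def drop_rules(ips, iface="eth0"):
    """Build rules with -I so they sit ahead of rules already in INPUT."""
    return [f"iptables -I INPUT -i {iface} -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in drop_rules(probing_hosts(SAMPLE_LOG.splitlines(), threshold=2)):
        print(rule)
```

Review the printed rules before applying them, since a source address in a web log can belong to a shared proxy or NAT gateway.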


