[Bug 263637] New: SuSEFirewall does not block several ports

https://bugzilla.novell.com/show_bug.cgi?id=263637

           Summary: SuSEFirewall does not block several ports
           Product: openSUSE 10.2
           Version: Final
          Platform: i686
        OS/Version: openSUSE 10.2
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Security
        AssignedTo: security-team@suse.de
        ReportedBy: oscar.mejia@gmail.com
         QAContact: qa@suse.de

I only have http and ntp ports open in SuSEFirewall and when I run nmap it
shows more ports open:

nmap [my internet IP]

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-04-11 23:59 CEST
Interesting ports on VA1-1C-u-0363.mc.onolab.com (62.42.11.108):
Not shown: 1676 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
3306/tcp open  mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.313 seconds

After I noticed some people were trying to log in to my computer via ssh, I
uninstalled the ssh daemon (I think the ssh daemon must not be running on a
default installation). But the security hole in SuSEFirewall continues. Now I
have the mysql and rpcbind ports open without my intending it.

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=263637

meissner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |oscar.mejia@gmail.com

------- Comment #1 from meissner@novell.com  2007-04-11 23:46 MST -------
Please attach /etc/sysconfig/SuSEfirewall2.

Also specify which network device is your external device.

Did you try it from the same machine, or from a separate machine?

https://bugzilla.novell.com/show_bug.cgi?id=263637

------- Comment #2 from oscar.mejia@gmail.com  2007-04-12 05:27 MST -------
Ok. I will attach /etc/sysconfig/SuSEfirewall2. Now I have more ports open.

https://bugzilla.novell.com/show_bug.cgi?id=263637

------- Comment #3 from oscar.mejia@gmail.com  2007-04-12 05:29 MST -------
The network device is eth0.
I just tried on the same machine.

https://bugzilla.novell.com/show_bug.cgi?id=263637

------- Comment #4 from oscar.mejia@gmail.com  2007-04-12 05:33 MST -------
Created an attachment (id=130717)
 --> (https://bugzilla.novell.com/attachment.cgi?id=130717&action=view)
/etc/sysconfig/SuSEfirewall2

This time I have more ports open:
Server HTTP
Server NTP
Ports TCP: 4662, 8080
Ports UDP: 4665, 4672

https://bugzilla.novell.com/show_bug.cgi?id=263637

lnussel@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
      Info Provider|oscar.mejia@gmail.com       |
         Resolution|                            |INVALID

------- Comment #5 from lnussel@novell.com  2007-04-12 05:52 MST -------
You cannot run nmap on the same host you want to scan. All packets are routed
through the loopback interface, which is not filtered at all then.
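
The point made in comment #5, as an added example that is not part of the original bug thread: a small first-match model of INPUT filtering, showing why a scan arriving via lo reports ports that the external interface drops. The ruleset, the helper names and the simplified scan-state model are assumptions constructed for illustration; only the listening ports come from the nmap output in the report.

```python
import shlex

# Constructed ruleset in iptables-save style (not the reporter's real rules).
# Assumption: loopback is accepted unconditionally, as comment #5 describes.
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 123 -j ACCEPT
-A INPUT -i eth0 -j DROP
"""
# TCP ports with a listening service, taken from the nmap output in the report.
LISTENING = {22, 80, 111, 3306}

def parse(text):
    """Turn each '-A INPUT ...' line into a dict of match options plus target."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        rules.append(dict(zip(tok[2::2], tok[3::2])))
    return rules

def verdict(rules, iface, proto, dport, policy="DROP"):
    """First matching rule wins; an option absent from a rule matches anything."""
    for r in rules:
        if r.get("-i", iface) != iface:
            continue
        if r.get("-p", proto) != proto:
            continue
        if int(r.get("--dport", dport)) != dport:
            continue
        return r["-j"]
    return policy

def nmap_state(rules, iface, port):
    """Simplified TCP scan model: a dropped probe shows up as 'filtered'."""
    if verdict(rules, iface, "tcp", port) != "ACCEPT":
        return "filtered"
    return "open" if port in LISTENING else "closed"

def scan(iface, ports=(22, 80, 111, 3306, 8080)):
    """Scan result as seen by probes arriving on the given interface."""
    rules = parse(RULES)
    return {p: nmap_state(rules, iface, p) for p in ports}

if __name__ == "__main__":
    print("via lo  :", scan("lo"))    # what a scan from the host itself sees
    print("via eth0:", scan("eth0"))  # what a separate machine sees
```

In this model the "closed" states seen via lo correspond to the "Not shown: 1676 closed ports" line in the report: unfiltered ports without a listener answer the probe, whereas ports dropped on eth0 would appear as filtered.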