SuSEfirewall2 all UDP port open ???!!!
In an initial test I saw all my UDP ports open in my testbed network. In the config file of SuSEfirewall2 you can read:

# 8.)
# Do you want to autoprotect all running network services on the firewall?
#
# If set to "yes", all network access to services TCP and UDP on this machine
# will be prevented (except to those which you explicitly allow, see below:
# FW_SERVICES_{EXT,DMZ,INT}_{TCP,UDP})
#
# Choice: "yes" or "no", defaults to "yes"
#
FW_AUTOPROTECT_SERVICES="yes"

and I did

FW_SERVICES_EXT_TCP="22" # Common: smtp domain
FW_SERVICES_EXT_UDP="" # Common: domain
FW_SERVICES_EXT_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INT_TCP="8080" # Common: ssh smtp domain
FW_SERVICES_INT_UDP="" # Common: domain syslog
FW_SERVICES_INT_IP=""

If I run nmap -sU against the external interface from an external host, all UDP ports come up. So why?

Starting nmap V. 2.02 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
WARNING: -sU is now UDP scan -- for TCP FIN scan use -sF
Interesting ports on (10.10.10.10):
Port    State       Protocol  Service
1       open        udp       tcpmux
2       open        udp       compressnet
3       open        udp       compressnet
...
48001   open        udp       nimspooler
48002   open        udp       nimhub
48003   open        udp       nimgtw
OK - my fault - I run V1.2 and there is changes.txt:

v1.3 14.07.01 FINAL -> FIRST OFFICIAL RELEASE
* Fixed a bug in autoprotecting ports to externals
  (thanks to sielaff@chem.tu-berlin.de and D.Markwardt@tu-bs.de)

-----Original Message-----
From: Appeldorn [mailto:appeldorn@codixx.de]
Sent: Friday, September 07, 2001 12:12 PM
To: suse-security@suse.com
Subject: [suse-security] SuSEfirewall2 all UDP port open ???!!!
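
Added example, not part of the original posts and not SuSEfirewall2 code: a Python sketch that compares the FW_SERVICES_* allow-lists from the posted configuration with the ports a scan reports open, using the scan layout quoted above. The function names and the shortened sample inputs are constructed for illustration; port ranges in the allow-list are not handled.

```python
import re

# Constructed sample: the relevant settings from the posted configuration.
CONFIG = '''\
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="22" # Common: smtp domain
FW_SERVICES_EXT_UDP="" # Common: domain
FW_SERVICES_INT_TCP="8080" # Common: ssh smtp domain
FW_SERVICES_INT_UDP="" # Common: domain syslog
'''

# Constructed sample: a shortened excerpt in the scan layout quoted in the post.
SCAN = '''\
Interesting ports on (10.10.10.10):
Port State Protocol Service
1 open udp tcpmux
2 open udp compressnet
48003 open udp nimgtw
'''

def autoprotect_enabled(config):
    """True if FW_AUTOPROTECT_SERVICES is "yes" (or unset: the config
    comment states that the default is "yes")."""
    m = re.search(r'^FW_AUTOPROTECT_SERVICES="([^"]*)"', config, re.M)
    return m is None or m.group(1) == "yes"

def allowed_services(config, zone):
    """Return {(proto, token)} explicitly allowed for a zone (EXT, DMZ, INT).
    A token is a port number or a service name, as written in the file."""
    pattern = re.compile(r'^FW_SERVICES_%s_(TCP|UDP)="([^"]*)"' % zone, re.M)
    allowed = set()
    for proto, value in pattern.findall(config):
        for token in value.split():
            allowed.add((proto.lower(), token))
    return allowed

def unexpected_open(scan, allowed):
    """Return [(port, proto)] that the scan reports open but the
    allow-list does not contain, matched by number or by service name."""
    hits = []
    for line in scan.splitlines():
        m = re.match(r'^(\d+)\s+open\s+(tcp|udp)\s+(\S+)', line)
        if not m:
            continue  # banner, header or non-open line
        port, proto, name = m.groups()
        if (proto, port) not in allowed and (proto, name) not in allowed:
            hits.append((int(port), proto))
    return hits

if __name__ == "__main__":
    ext = allowed_services(CONFIG, "EXT")
    print("autoprotect:", autoprotect_enabled(CONFIG), "EXT allow-list:", sorted(ext))
    for port, proto in unexpected_open(SCAN, ext):
        print("reported open but not allowed on EXT: %d/%s" % (port, proto))
```
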