Mailinglist Archive: opensuse-security (260 mails)

Re: [suse-security] ipchains or nessus bug ?
  • From: Alexander Reelsen <ar@xxxxxxxx>
  • Date: Fri, 28 Jul 2000 11:44:03 +0200
  • Message-id: <20000728114403.A13634@xxxxxxxxxxxxxxxxx>
Hi

On Fri, Jul 28, 2000 at 09:52:05AM +0200, Harald Scharf wrote:
> ipchains -I input -j DENY -p UDP -s 0.0.0.0/0 -d xxx.xxx.xxx.xxx/xxx 161 -l
> ipchains -I input -j DENY -p UDP -s 0.0.0.0/0 -d xxx.xxx.xxx.xxx/xxx 162 -l

> input DENY eth1 PROTO=17 [remote ip]:[remote port] [destination ip]:161
> L=141 S=0x00 I=25246 F=0x0000 T=53 (#7)
Looks fine.

> That's OK, but when I start a security scan with nessus (Version 1.0.1), the
> final report tells about a
> security hole at SNMP and SNMP-TRAP ports.
> The access seems to be read, write, public.....
> I do not think that this is a correct predication
Well. Did you check that with a remote nessusd or with a nessusd installed
on your localhost? If the latter is the case, and you denied access via
ipchains using the --interfaces (i.e. eth0, ippp0, whatever), but your
connections went over the loopback interface, then the firewall rules
don't apply of course.
Just a tip, nothing more.


MfG/Regards, Alexander

--
Alexander Reelsen http://joker.rhwd.de
ref@xxxxxxxxx GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
ar@xxxxxxxx 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
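
The tip above can be checked against the firewall's own log: if a scanner's SNMP probes never show up as DENY entries, they did not pass through the rule. The following is an added example, not part of the original mail, that parses ipchains `-l` log lines in the format Harald quoted; the addresses, the host name `fw` and the sample lines are constructed.

```python
import re
from collections import Counter

# Layout of an ipchains "-l" log entry, as in the line quoted in the mail:
# chain target iface PROTO=n src:port dst:port L= S= I= F= T= (#rule)
LOG_RE = re.compile(
    r"(?P<chain>\S+) (?P<target>[A-Z]+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+(?: \(#(?P<rule>\d+)\))?"
)

# Constructed sample lines (documentation addresses, made-up host name "fw").
SAMPLE = [
    "Jul 28 09:40:01 fw kernel: Packet log: input DENY eth1 PROTO=17 198.51.100.7:1044 192.0.2.10:161 L=141 S=0x00 I=25246 F=0x0000 T=53 (#7)",
    "Jul 28 09:40:02 fw kernel: Packet log: input DENY eth1 PROTO=17 198.51.100.7:1045 192.0.2.10:162 L=141 S=0x00 I=25247 F=0x0000 T=53 (#6)",
    "Jul 28 09:41:10 fw kernel: Packet log: input DENY eth1 PROTO=6 198.51.100.7:1046 192.0.2.10:161 L=60 S=0x00 I=25300 F=0x4000 T=53 (#9)",
    "Jul 28 09:42:00 fw kernel: Packet log: input ACCEPT lo PROTO=17 127.0.0.1:1050 127.0.0.1:161 L=70 S=0x00 I=12 F=0x0000 T=64 (#1)",
]

UDP = 17  # IP protocol number shown as PROTO=17 in the log

def parse(line):
    """Return the fields of one log line as a dict, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def denied_hits(lines, ports=(161, 162)):
    """Count UDP DENY entries for the SNMP ports per (interface, source, port)."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["target"] == "DENY" and rec["proto"] == UDP and rec["dport"] in ports:
            hits[(rec["iface"], rec["src"], rec["dport"])] += 1
    return hits

def ports_not_denied(lines, scanner_ip, ports=(161, 162)):
    """Ports for which no DENY entry from scanner_ip was logged on any interface."""
    seen = {port for (_, src, port) in denied_hits(lines, ports) if src == scanner_ip}
    return sorted(set(ports) - seen)

if __name__ == "__main__":
    for key, count in sorted(denied_hits(SAMPLE).items()):
        print(key, count)
    print("remote scanner not denied on:", ports_not_denied(SAMPLE, "198.51.100.7"))
    print("local scanner not denied on:", ports_not_denied(SAMPLE, "127.0.0.1"))
```

A non-empty result for the scanner's address means the report reflects traffic the DENY rules never saw, which is the loopback case described in the reply.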
