
Re: why nmap shows lots of filtered ports?



On Sun, Jun 16, 2002 at 10:54:50AM +0000, matt yee-king wrote:
| Hello
| 
| I've been testing the vulnerability of my box on a basic ports level by
| scanning it with nmap. 
 
| does this mean there's some sort of firewall in place protecting my box?

There's some sort of network filtering going on.  Whether it is
"working" depends on what it does compared with what you expect it to
do.  nmap labels a port as "filtered" if it does not receive either a
SYN-ACK or a RST in response to a SYN packet.

This means that if you DROP every packet to that port, it is
"filtered".  If you accept some hosts but not others it is also
"filtered" unless you test from an allowed host which will see it as
"open".

The difference in results when scanning from localhost and from
a remote machine is due to differences in the rules you (or someone
else) have set up.
 
| just that the network admin people say there isn't....

Do they control your machine?  Every Linux system can have its own
firewall/packet filter, and there can be firewalls or filters on other
systems or routers between the Linux system and the other host.

| and what's all that windows netbios stuff??

It is netbios stuff :-).  Netbios has ports 137-139 reserved, so when
nmap looks at those ports it is capable of displaying a name.  Either
you allow netbios from only certain hosts (and not localhost) or you
are DROPping all such packets.

| and what's kdm?

Dunno.  XDMCP is port 177 and it's the only reason I can think of for
[xgkw]dm to listen on a socket.  Port 1024 isn't defined in
/etc/services.

| I'm not running kde...


| and am I mad sending all this data to this list - ?

No, not really.

-D

-- 

I can do all things through Christ who strengthens me.
        Philippians 4:13
 
http://dman.ddts.net/~dman/
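
An added example, not part of the original message: a Python sketch of the three outcomes described in the reply above (SYN-ACK, RST, or no answer), using an ordinary connect() against your own host rather than nmap's raw SYN probe. The function names, the timeout value and the temporary loopback listener are assumptions made for the illustration.

```python
import socket


def classify_outcome(error):
    """Map the result of one TCP connect attempt to a port state."""
    if error is None:
        return "open"      # handshake completed, so a SYN-ACK came back
    if isinstance(error, ConnectionRefusedError):
        return "closed"    # the SYN was answered with a RST
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "filtered"  # neither SYN-ACK nor RST arrived in time
    return "other"         # any other socket error, not covered in the message


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and report how the port answered."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except OSError as exc:
        return classify_outcome(exc)
    finally:
        sock.close()
    return classify_outcome(None)


if __name__ == "__main__":
    # Constructed demo on loopback: a listener we open ourselves, then close.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 lets the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, probe("127.0.0.1", port))   # listener present
    listener.close()
    print(port, probe("127.0.0.1", port))   # nothing listening any more
```

Run against the same port from localhost and from another machine you control, differing answers point to a packet filter rule somewhere between the two vantage points.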
