UDP blocking
My ipchains are:
Chain input (policy ACCEPT):
target prot opt source destination ports
REJECT all ------ 169.254.0.0/16 0.0.0.0/0 n/a
REJECT all ------ 127.0.0.0/8 0.0.0.0/0 n/a
REJECT all ------ 172.16.0.0/12 0.0.0.0/0 n/a
REJECT all ------ 10.0.0.0/8 0.0.0.0/0 n/a
REJECT all ------ 192.168.0.0/16 0.0.0.0/0 n/a
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 *-> 3130
REJECT udp ------ 0.0.0.0/0 0.0.0.0/0 *->1:1024
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 0.0.0.0/0 n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
DENY all ------ 0.0.0.0/0 192.168.0.0/16 n/a
DENY all ------ 192.168.0.0/16 0.0.0.0/0 n/a
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 23
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 21
- tcp ------ 0.0.0.0/0 0.0.0.0/0 20 -> *
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 22
- tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 80
Yet a UDP scan of ports 1-65535 gives me:
The UDP or stealth FIN/NULL/XMAS scan took 76304 seconds to scan 65535 ports.
Interesting ports on (213.22.58.181):
Port State Protocol Service
137 open udp netbios-ns
138 open udp netbios-dgm
2487 open udp unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 76304 seconds
I think 2487 is bind querying outside servers, or should I block that too?
But why do 137 and 138 remain open?
Should I change the policy to DENY?
Greetings,
Pedro.