
UDP blocking



My ipchains are:

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
  REJECT     all  ------  169.254.0.0/16       0.0.0.0/0             n/a
  REJECT     all  ------  127.0.0.0/8          0.0.0.0/0             n/a
  REJECT     all  ------  172.16.0.0/12        0.0.0.0/0             n/a
  REJECT     all  ------  10.0.0.0/8           0.0.0.0/0             n/a 
  REJECT     all  ------  192.168.0.0/16       0.0.0.0/0             n/a 
  REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             *-> 3130
  REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             *->1:1024
Chain forward (policy DENY):
  target     prot opt     source                destination           ports
  MASQ       all  ------  192.168.1.0/24       0.0.0.0/0             n/a
Chain output (policy ACCEPT):
  target     prot opt     source                destination           ports
  DENY       all  ------  0.0.0.0/0            192.168.0.0/16        n/a
  DENY       all  ------  192.168.0.0/16       0.0.0.0/0             n/a
  -          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   23
  -          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   21
  -          tcp  ------  0.0.0.0/0            0.0.0.0/0             20 ->   *
  -          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   22
  -          tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   80

Yet a UDP scan of ports 1-65535 gives me:

The UDP or stealth FIN/NULL/XMAS scan took 76304 seconds to scan 65535 ports.
Interesting ports on  (213.22.58.181):
Port    State       Protocol  Service
137     open        udp        netbios-ns
138     open        udp        netbios-dgm
2487    open        udp        unknown
 
Nmap run completed -- 1 IP address (1 host up) scanned in 76304 seconds

I think 2487 is bind querying outside servers, or should I block that too?
But why do 137 and 138 remain open?
Should I change the policy to DENY?

Greetings,

Pedro.


