
RE: Iptables can't close port 25 and 110



I already tried REJECT; I'll give an example to clarify my problem.

Removed all iptables rules and when running an nmap scan (remotely) I get
the following output:

PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
199/tcp  open  smux
3306/tcp open  mysql

I then inserted the following rules:

- iptables -A INPUT -p tcp --destination-port 25 -j REJECT
- iptables -A INPUT -p tcp --destination-port 80 -j REJECT
- iptables -A INPUT -p tcp --destination-port 199 -j REJECT

Did a new scan and nmap returned:

PORT     STATE SERVICE
25/tcp   open  smtp
110/tcp  open  pop3
3306/tcp open  mysql

So even if I reject port 25, nmap detects it as open. And if I reject
port 80, nmap detects it as being closed.

Hope this gives a better image of my problem.

Thanx

Ronald 

-----Original Message-----
From: Raffaele D'Elia [mailto:R.DElia@starcomitalia.com] 
Sent: Monday 26 January 2004 14:06
To: Ronald Laarman; debian-firewall@lists.debian.org
Subject: RE: Iptables can't close port 25 and 110

-----Original Message-----
From: "Ronald Laarman" <ronald@laarman.xs4all.nl>
To: <debian-firewall@lists.debian.org>
Cc: <R.DElia@starcomitalia.com>
Date: Mon, 26 Jan 2004 13:53:00 +0100
Subject: RE: Iptables can't close port 25 and 110

> I know the difference between 'rejecting' and 'dropping' packets, but
> how come iptables -P INPUT DROP will close off port 80?

iptables cannot close any port. You can only make another box believe
that the port is closed. This is done by sending the same RST packet that a
closed port sends.
So a remote attacker must see the RST packet; otherwise it'll know
you have firewalled an open port.

Drop is not the correct answer: try reject...

Radel
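Added example, not from either poster: a small diagnostic for the two points above, Ronald's REJECTed port 25 that still scans as open and Raffaele's explanation of the RST. It walks a constructed `iptables -S INPUT` dump the way the kernel does (first matching rule wins, so a REJECT appended with -A never fires for a port an earlier rule already ACCEPTs) and reports what an nmap SYN scan should show; note that iptables REJECT defaults to icmp-port-unreachable, which nmap reports as filtered, and only `--reject-with tcp-reset` produces the RST a closed port sends. The rule dump, port numbers and rule order are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed `iptables -S INPUT` dump:
# an ACCEPT for port 25 sits above the appended REJECT, so the REJECT never
# fires. On a real host substitute the output of `iptables -S INPUT`.
RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 199 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 3306 -j DROP'

# first_match PORT: print "<rule#> <target> [reject-with]" for the first rule
# matching a TCP SYN to PORT on a non-loopback interface, or "policy <target>".
first_match() {
    printf '%s\n' "$RULES" | awk -v port="$1" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            n++; iface = ""; proto = ""; dport = ""; target = ""; rw = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--reject-with") rw = $(i + 1)
            }
            # every match the rule specifies must fit our probe
            if (iface == "lo") next
            if (proto != "" && proto != "tcp") next
            if (dport != "" && dport != port) next
            if (rw != "") print n, target, rw; else print n, target
            found = 1; exit
        }
        END { if (!found) print "policy", policy }'
}

# expected_state PORT: what an nmap SYN scan from outside should report for
# the rule that handles the probe. ACCEPT is "open" only if a daemon listens.
expected_state() {
    set -- $(first_match "$1")
    case "$2" in
        ACCEPT) echo open-if-listening ;;
        DROP)   echo filtered ;;                # no answer at all
        REJECT) case "$3" in
                    tcp-reset) echo closed ;;   # RST, same as no listener
                    *)         echo filtered ;; # ICMP unreachable (the default)
                esac ;;
        *)      echo "unknown:$2" ;;
    esac
}
```

On a live box, `iptables -L INPUT -n -v --line-numbers` shows the same order together with packet counters; a REJECT rule whose counter stays at zero during a scan is being shadowed by an earlier rule.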
