RE: Iptables can't close port 25 and 110
I already tried reject, I'll give an example to clarify my problem.
Removed all iptables rules and when running an nmap scan (remotely) I get
the following output:
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
199/tcp open smux
3306/tcp open mysql
I then inserted the following rules:
- IPTABLES -A INPUT -t tcp --destination-port 25 -j REJECT
- IPTABLES -A INPUT -t tcp --destination-port 80 -j REJECT
- IPTABLES -A INPUT -t tcp --destination-port 199 -j REJECT
Did a new scan and nmap returned:
PORT STATE SERVICE
25/tcp open smtp
110/tcp open pop3
3306/tcp open mysql
So even if I reject port 25, nmap detects it as open. And if I reject
port 80, nmap detects it as being closed.
Hope this gives a better image of my problem.
Thanx
Ronald
-----Original Message-----
From: Raffaele D'Elia [mailto:R.DElia@starcomitalia.com]
Sent: maandag 26 januari 2004 14:06
To: Ronald Laarman; debian-firewall@lists.debian.org
Subject: RE: Iptables can't close port 25 and 110
-----Original Message-----
From: "Ronald Laarman" <ronald@laarman.xs4all.nl>
To: <debian-firewall@lists.debian.org>
Cc: <R.DElia@starcomitalia.com>
Date: Mon, 26 Jan 2004 13:53:00 +0100
Subject: RE: Iptables can't close port 25 and 110
> I know the difference between 'rejecting' and 'dropping' packages but
> how come iptables -P INPUT DROP will close off port 80.
iptables cannot close any port. You can only make another box believe
that the port is closed. This is done by sending the same RST packet that a
closed port sends.
So a remote attacker must see the RST packet; otherwise it'll know
you have firewalled an open port.
Drop is not the correct answer: try reject...
Radel
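The REJECT-versus-DROP point above, worked through as an added example that is not part of this thread: the helper names (fw_rule, expected_state, apply_rule) are my own, the rules assume the classic iptables CLI, and the predicted states are what nmap's default SYN scan reports. It also covers two caveats the thread only hints at: a plain REJECT on TCP answers with ICMP port-unreachable (which nmap files under filtered, not closed), and "-t" selects a table, so "-t tcp" is refused by iptables and installs nothing.

```shell
#!/bin/sh
# Added example (not from the thread): build correct iptables rules for
# hiding a listening TCP port and predict what an nmap SYN scan will show.
# Assumes the classic iptables CLI; apply_rule only installs when root.

# Print the rule for PORT using ACTION (drop|reset|icmp).
# Note: "-t" selects a TABLE (filter, nat, mangle, raw); the protocol
# match is "-p tcp". Writing "-t tcp" is a common slip that iptables
# rejects outright, so no rule is installed at all.
fw_rule() {
    port=$1; action=$2
    case $action in
        drop)  target='DROP' ;;
        reset) target='REJECT --reject-with tcp-reset' ;;
        icmp)  target='REJECT' ;;   # default: ICMP port-unreachable
        *) echo "unknown action: $action" >&2; return 1 ;;
    esac
    echo "iptables -A INPUT -p tcp --dport $port -j $target"
}

# What nmap's default SYN scan reports for a listening port behind ACTION.
expected_state() {
    case $1 in
        none)  echo open ;;       # SYN/ACK comes back from the daemon
        drop)  echo filtered ;;   # no reply at all: the probe times out
        reset) echo closed ;;     # RST, indistinguishable from no listener
        icmp)  echo filtered ;;   # ICMP unreachable is classified as filtered
        *) return 1 ;;
    esac
}

# Install the rule only when we can actually do so; otherwise show it.
apply_rule() {
    rule=$(fw_rule "$1" "$2") || return 1
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        sh -c "$rule"
    else
        echo "would run: $rule"
    fi
}

# Usage: make SMTP and POP3 look closed (RST) rather than filtered.
# apply_rule 25 reset
# apply_rule 110 reset
```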