RE: Iptables can't close port 25 and 110

To: <debian-firewall@lists.debian.org>
Cc: <R.DElia@starcomitalia.com>
Subject: RE: Iptables can't close port 25 and 110
From: "Ronald Laarman" <ronald@laarman.xs4all.nl>
Date: Wed, 28 Jan 2004 00:01:13 +0100
Message-id: <[🔎] 485B1A23A33447408D64DC6E8BA8BDA7AD07@dc001.mydomain.local>

My problem seems to be solved :P

Guess I didn't have a problem to start ;) It seems my office machine,
running Windows XP is malfunctioning :(

Because iptables returned the same tcp-reset packets for port 25 and
199, iptables could not be the problem. So I fired up my RedHat box and
run nmap, port 25 and 110 were nicely closed :)

Look... scanning for port 25 running windows xp seems to be the same as
scanning port 80 :duh:

--- windump snippet ---
23:54:41.278782 IP ws001.mydomain.local > 10.0.0.4: icmp 8: echo request
seq 58397
23:54:41.278959 IP ws001.mydomain.local.57485 > 10.0.0.4.80: . ack
2311551262 win 4096
23:54:42.162474 IP ws001.mydomain.local.137 > 10.0.0.4.137: udp 50
23:54:43.662460 IP ws001.mydomain.local.137 > 10.0.0.4.137: udp 50
23:54:45.162853 IP ws001.mydomain.local.137 > 10.0.0.4.137: udp 50
23:54:47.283179 IP ws001.mydomain.local > 10.0.0.4: icmp 8: echo request
seq 58653
23:54:47.283239 IP ws001.mydomain.local.57486 > 10.0.0.4.80: . ack
1531410782 win 1024
--- // ---

Thanx everyone, especially Raffaela D'Elia. I learned a lot from this.

Ronald


-----Original Message-----
From: Raffaele D'Elia [mailto:R.DElia@starcomitalia.com] 
Sent: maandag 26 januari 2004 22:51
To: Ronald Laarman; debian-firewall@lists.debian.org
Subject: RE: Iptables can't close port 25 and 110

 
But nmap recognize port 25 opened and 199 closed.

What kind of scan are you doing?

Try tcpdump on the sender host too. The packets looks the same? May be 
the sending host is mangling the packets somwhere in the path from the 
server to the client.

Radel

************************************************************************
**
Questo messaggio puo' contenere informazioni di carattere estremamente
riservato e confidenziale. Qualora non foste i destinatari, vogliate
immediatamente informarci con lo stesso mezzo ed eliminare il messaggio,
con gli eventuali allegati, senza trattenerne copia. Qualsivoglia
utilizzo non autorizzato del contenuto di questo messaggio costituisce
violazione dell'obbligo di non prendere cognizione della corrispondenza
tra altri soggetti, salvo piu' grave illecito, ed espone il responsabile
alle relative conseguenze civili e penali.

This message is being sent from Starcom Italia Srl and may contain
information which is confidential or privileged.  If you are not the
intended recipient, please advise the sender immediately by reply e-mail
and delete this message and any attachments without retaining a copy.
Any unauthorized use of the content of this message is a breach of your
duty to respect the confidentiality of the correspondence between other
persons and can expose the responsible party to civil and/or criminal
penalties, and may constitute a more serious offense.
************************************************************************
**

Reply to:

Prev by Date: Re: !!! Blokada ip po próbie logowania - prosze o pomoc
Next by Date: Re: !!! Blokada ip po próbie logowania - prosze o pomoc
Previous by thread: Re: Iptables can't close port 25 and 110
Next by thread: Your message has been responsed.
Index(es):
- Date
- Thread