
Re: AW: drop policy- udp ports open?



Yes...so if you want your ports to appear as closed, you could use the target

... -j REJECT --reject-with type

The type given can be icmp-net-unreachable, icmp-host-unreachable,
icmp-port-unreachable, icmp-proto-unreachable, icmp-net-prohibited or
icmp-host-prohibited.


Edu GV


On Fri, 28 Jan 2005 09:48:53 +0100, Dobersberger Dieter
<dieter.dobersberger_at_trench.at> wrote:
> > when I enter iptables -P INPUT DROP normally all ports should
> > be closed.
> > but a portscan from http://www.sns.co.at/german/tools.htm
> > tells me that all tcp ports are stealth, icmp is closed and
> > all scanned udp ports are open.
> 
> Because UDP is a stateless protocol a UDP scan can not be 100%
> accurate, because you can never know if your packet was received. You
> can only know if it was rejected, because you get an ICMP
> destination-unreachable packet back in that case. But if the packet was
> dropped by a firewall some portscanners assume it was received by the
> destination host, because there is no negative answer.
> 
> So I would guess the scanner you are using is reporting the wrong ports
> as open.
> 
> You should verify your results with an external host running nmap to be
> sure.
> 
> best regards,
> Dieter
> 
>
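Added example, not from either poster: a small Python model of why a DROP policy makes a UDP scan report "open" while REJECT --reject-with icmp-port-unreachable makes it report "closed". The scanner decision rule follows nmap's documented UDP states; the firewall model and the ICMP codes table are assumptions written for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# ICMP type 3 (destination unreachable) codes for the --reject-with types
# named in the thread (constructed lookup, values per RFC 792 / RFC 1812).
ICMP_UNREACH_CODES = {
    "icmp-net-unreachable": 0,
    "icmp-host-unreachable": 1,
    "icmp-proto-unreachable": 2,
    "icmp-port-unreachable": 3,
    "icmp-net-prohibited": 9,
    "icmp-host-prohibited": 10,
}


@dataclass
class ProbeResult:
    port: int
    udp_reply: bool             # a UDP datagram came back from the port
    icmp_code: Optional[int]    # ICMP type 3 code received, or None on silence


def classify(r: ProbeResult) -> str:
    """Scanner side: what nmap concludes from one UDP probe's outcome."""
    if r.udp_reply:
        return "open"
    if r.icmp_code == 3:
        return "closed"                 # port unreachable: definitely nothing listening
    if r.icmp_code in (0, 1, 2, 9, 10, 13):
        return "filtered"               # other unreachables: a device in the path objected
    return "open|filtered"              # silence: DROP is indistinguishable from a quiet service


def simulate_target(policy: str, port: int, listening: Iterable[int]) -> ProbeResult:
    """Target side (assumed model): response to a junk UDP probe under one iptables policy/target."""
    if port in set(listening):
        return ProbeResult(port, udp_reply=False, icmp_code=None)   # most services ignore junk
    if policy == "DROP":
        return ProbeResult(port, False, None)                        # no negative answer at all
    if policy.startswith("REJECT "):
        return ProbeResult(port, False, ICMP_UNREACH_CODES[policy.split(" ", 1)[1]])
    return ProbeResult(port, False, 3)   # ACCEPT: the kernel itself answers with port unreachable


def scan(policy: str, ports: Iterable[int], listening: Iterable[int] = ()) -> Dict[int, str]:
    """Report the state a scanner would print for each port under the given policy."""
    return {p: classify(simulate_target(policy, p, listening)) for p in ports}
```

Some scanners print the ambiguous "open|filtered" state simply as "open", which is the result the original poster saw.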
