Iptables DROP packets but Nmap show the ports opened !!
- To: firstname.lastname@example.org
- Subject: Iptables DROP packets but Nmap show the ports opened !!
- From: Robin-Vinet Mathieu <email@example.com>
- Date: Thu, 06 Apr 2006 16:06:57 +0200
- Message-id: <1144332417.8979.12.camel@localhost>
I've got a question, about how DROPPED packets are shown to TCP scanners such as Nmap.
I've done an IPtables script wich does what i want it to do, but even if unautorised packets are dropped and logged, when i nmap my server, almost all tcp ports are shown as opened.
Of course, some of those ports are (eg. TCP 80), but others are not (eg. TCP 445), i think it is clearly unsafe, cause hackers knows that there is a server behind those closed ports.
In my mind, a good firewall would show the firewalled TCP ports as "stealth" or "filtered" or in the last "closed", but i'd prefer "stealth".
Is it normal ? If not, do you know how can i solve that ?
Thanks a lot.