Iptables DROP packets but Nmap show the ports opened !!

To: debian-firewall@lists.debian.org
Subject: Iptables DROP packets but Nmap show the ports opened !!
From: Robin-Vinet Mathieu <robin@elda.org>
Date: Thu, 06 Apr 2006 16:06:57 +0200
Message-id: <[🔎] 1144332417.8979.12.camel@localhost>

Hi,

I've got a question, about how DROPPED packets are shown to TCP scanners such as Nmap.

I've done an IPtables script wich does what i want it to do, but even if unautorised packets are dropped and logged, when i nmap my server, almost all tcp ports are shown as opened.
Of course, some of those ports are (eg. TCP 80), but others are not (eg. TCP 445), i think it is clearly unsafe, cause hackers knows that there is a server behind those closed ports.
In my mind, a good firewall would show the firewalled TCP ports as "stealth" or "filtered" or in the last "closed", but i'd prefer "stealth".

Is it normal ? If not, do you know how can i solve that ?

Thanks a lot.

Regards,

--
Robin-Vinet Mathieu

Reply to:

Follow-Ups:
- RE: Iptables DROP packets but Nmap show the ports opened !!
  - From: "Gabriele Pongelli" <le0n_84@hotmail.com>
- Re: Iptables DROP packets but Nmap show the ports opened !!
  - From: Dave Ewart <davee@sungate.co.uk>
- Re: Iptables DROP packets but Nmap show the ports opened !!
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
- RE: Iptables DROP packets but Nmap show the ports opened !!
  - From: "Pablo" <paa-listas@argentina.com>
- Re: Iptables DROP packets but Nmap show the ports opened !!
  - From: idiom <idiom@istop.com>

Prev by Date: Re: nat help!
Next by Date: RE: Iptables DROP packets but Nmap show the ports opened !!
Previous by thread: webmin problem.
Next by thread: RE: Iptables DROP packets but Nmap show the ports opened !!
Index(es):
- Date
- Thread