[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iptables DROP packets but Nmap show the ports opened !!

On Thursday, 06.04.2006 at 16:06 +0200, Robin-Vinet Mathieu wrote:

> I've got a question, about how DROPPED packets are shown to TCP
> scanners such as Nmap.
> I've done an IPtables script wich does what i want it to do, but even
> if unautorised packets are dropped and logged, when i nmap my server,
> almost all tcp ports are shown as opened.

Seeing the appropriate part of your ruleset, and the 'netstat -l' config
on the server would be helpful: together with actual nmap output from
the other host.

Just a thought: Are you sure that a connection from the machine you are
nmapping from actually passes over the firewall ruleset to get to the
server?  (It's not clear if you're running your firewall on the server,
or as a separate machine).

Please don't CC me on list messages!
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

Attachment: signature.asc
Description: Digital signature

Reply to: