
Re: Iptables DROP packets but Nmap show the ports opened !!

Robin-Vinet Mathieu wrote:


I've got a question, about how DROPPED packets are shown to TCP scanners such as Nmap.

I've done an IPtables script which does what I want it to do, but even if unauthorised packets are dropped and logged, when I nmap my server, almost all TCP ports are shown as opened. Of course, some of those ports are (e.g. TCP 80), but others are not (e.g. TCP 445). I think it is clearly unsafe, because hackers know that there is a server behind those closed ports. In my mind, a good firewall would show the firewalled TCP ports as "stealth" or "filtered" or in the last "closed", but I'd prefer "stealth".

Is it normal? If not, do you know how I can solve that?

Thanks a lot.

Robin-Vinet Mathieu

Are you pen testing from a remote server? Or are you running nmap locally on the same box?
