Re: Iptables DROP packets but Nmap show the ports opened !!
Robin-Vinet Mathieu wrote:
Are you pen testing from a remote server? Or are you running nmap
locally on the same box?
I've got a question, about how DROPPED packets are shown to TCP
scanners such as Nmap.
I've done an iptables script which does what I want it to do, but even
if unauthorised packets are dropped and logged, when I nmap my server,
almost all TCP ports are shown as open.
Of course, some of those ports are (e.g. TCP 80), but others are not
(e.g. TCP 445); I think it is clearly unsafe, because hackers know that
there is a server behind those closed ports.
In my mind, a good firewall would show the firewalled TCP ports as
"stealth" or "filtered" or, at worst, "closed", but I'd prefer "stealth".
Is it normal? If not, do you know how I can solve that?
Thanks a lot.
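An added check, not from the thread: after applying the iptables script, scan from a remote host and compare the grepable Nmap report against the ports you intend to expose, since a port a DROP rule protects gets no reply and is reported "filtered", a "closed" port answered with a RST (the packet reached the TCP stack), and an "open" one completed the handshake. The host address, port list and report text below are constructed sample data.

```python
import re

# Constructed sample of `nmap -sS -oG -` (grepable) output, shaped like the
# report in the post: 445 shows "open" although the script meant to drop it.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "445/open/tcp//microsoft-ds///, 3306/closed/tcp//mysql///"
    "\tIgnored State: filtered (996)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)

# Each entry in the Ports: field is port/state/protocol/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(tcp|udp)/")


def parse_grepable(text):
    """Return {port: state} for the TCP ports listed in a grepable Nmap report."""
    states = {}
    for line in text.splitlines():
        if "\tPorts:" not in line:
            continue
        ports_field = line.split("\tPorts:", 1)[1].split("\tIgnored", 1)[0]
        for port, state, proto in PORT_RE.findall(ports_field):
            if proto == "tcp":
                states[int(port)] = state
    return states


def check_exposure(states, allowed_open):
    """Compare observed states with the intended policy.

    unexpected_open:     reachable services that were meant to be firewalled.
    closed_not_filtered: ports that answered with RST; a DROP rule would have
                         made them "filtered", so they reveal the host replies.
    """
    return {
        "unexpected_open": sorted(
            p for p, s in states.items() if s == "open" and p not in allowed_open
        ),
        "closed_not_filtered": sorted(
            p for p, s in states.items() if s == "closed" and p not in allowed_open
        ),
    }


def audit(report_text, allowed_open):
    """Parse a grepable report and return the policy findings in one step."""
    return check_exposure(parse_grepable(report_text), allowed_open)
```

Run the scan from another machine: an nmap of the box against itself goes over the loopback interface, which most scripts accept outright, so it says nothing about what a remote scanner sees.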