Re: Port 80 Open
On Sat, Oct 27, 2007 at 06:15:31PM -0600, Telly Williams wrote:
> > > eh, not quite stealth
> What do you mean by that? Ansgar said the same thing. Now I'm
> feeling like a dummy.
That's simply not 'stealth' mode: as soon as you connect to an IP the normal
way (e.g. http://...), the other side knows your IP and can map your side -
that's what grc.com did.
> > > > requests). Some of my ports (i.e., 25 and 443) are coming up as
> > > > closed. Why are these ports showing up as closed at all?
> > >
> > > why should they be open? are you providing SMTP and HTTPS to the outside?
> No, but I now understand what you're saying.
> -A INPUT -i eth1 -p tcp -j tcp_packets
> -A allowed -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A allowed -p tcp -j DROP
> -A tcp_packets -p tcp -m tcp --dport 80 -j allowed
> -A tcp_packets -p tcp -m tcp --dport 443 -m comment --comment "HTTPS" -j allowed
Well, you're explicitly exposing all those ports via the chain
INPUT->*_packets->allowed, assuming eth1 is on the internet side.
HTH - 'night
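
The chain walk described in the reply above, as an added example that is not part of the original message: a small Python model that parses only the rules quoted in the thread and reports the verdict for a constructed TCP packet. The function names, the packet fields and the `POLICY` label (standing in for the INPUT chain policy, which the thread does not show) are assumptions of this sketch.

```python
import shlex
# The rules quoted in the thread, verbatim (iptables-save syntax).
RULES = '''-A INPUT -i eth1 -p tcp -j tcp_packets
-A allowed -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A tcp_packets -p tcp -m tcp --dport 80 -j allowed
-A tcp_packets -p tcp -m tcp --dport 443 -m comment --comment "HTTPS" -j allowed'''

def parse(text):
    chains = {}  # chain name -> list of rules, each a dict of option -> value
    for line in text.splitlines():
        tok, rule, i = shlex.split(line), {}, 2
        while i < len(tok):
            if tok[i] == "--tcp-flags":  # two arguments: mask, then flags that must be set
                rule["flags"] = (set(tok[i + 1].split(",")), set(tok[i + 2].split(",")))
                i += 3
            else:
                rule[tok[i]] = tok[i + 1]
                i += 2
        chains.setdefault(tok[1], []).append(rule)
    return chains

def matches(rule, pkt):
    if rule.get("-i", pkt["iface"]) != pkt["iface"] or rule.get("-p", pkt["proto"]) != pkt["proto"]:
        return False
    if "--dport" in rule and int(rule["--dport"]) != pkt["dport"]:
        return False
    if "flags" in rule and pkt["flags"] & rule["flags"][0] != rule["flags"][1]:
        return False
    return "--state" not in rule or pkt["state"] in rule["--state"].split(",")

def verdict(chains, pkt, chain="INPUT"):
    """Walk a chain; None means no rule decided (return to caller, or policy)."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            if rule["-j"] in ("ACCEPT", "DROP"):
                return rule["-j"]
            result = verdict(chains, pkt, rule["-j"])
            if result:
                return result
    return None

def probe(dport, flags=("SYN",), state="NEW", iface="eth1"):
    """Verdict for one constructed TCP packet; POLICY = INPUT policy, not shown in the thread."""
    pkt = {"iface": iface, "proto": "tcp", "dport": dport, "flags": set(flags), "state": state}
    return verdict(parse(RULES), pkt) or "POLICY"

if __name__ == "__main__":
    print({port: probe(port) for port in (80, 443, 25)})
```

A SYN to 443 is accepted by these rules, and with no HTTPS service listening the host's TCP stack answers with a RST, which a scanner reports as "closed" rather than "stealth". Port 25 matches none of the quoted rules, so its fate depends on rules or a policy the thread does not show.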