iptables and open ports

benjithegreat98 · 12-21-2003, 08:38 PM

I ran nmap from a remote computer and got this:

Host <my ip>chartertn.net <my ip> appears to be up ... good.
Initiating SYN Stealth Scan against <my ip>chartertn.net <my ip> at 20:10
Adding open port 21/tcp
Adding open port 25/tcp
The SYN Stealth Scan took 24 seconds to scan 1657 ports.
Interesting ports on <my ip>chartertn.net <my ip>:
(The 1640 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
397/tcp filtered mptn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1723/tcp filtered pptp
5050/tcp filtered mmcc
5190/tcp filtered aol
6667/tcp filtered irc
7000/tcp filtered afs3-fileserver
12345/tcp filtered NetBus
31337/tcp filtered Elite

I have an iptables entry to REJECT all new incoming packets, and when I run netstat on my computer it tells me I don't have anything running on port 21 or 25. Sendmail is not running and I chose not to install an ftp server on there.

Also, if a port is in a state filtered is it as good as closed? Should I worry?
BTW this is a Slack9.1 installation

Any help would be appreciated!

DavidPhillips · 12-22-2003, 12:42 AM

instead of DROP use REJECT to fix the filtered issue if you want to.

if 21 and 25 do not show up in the output of netstat they are most likely another computer.

to see what machine it's running on try this..

telnet ipaddress 25

example:

[david@zeus david]$ telnet dcphillips.net 25
Trying 68.63.15.139...
Connected to mail.dcphillips.net (68.63.15.139).
Escape character is '^]'.
220 mail.dcphillips.net ESMTP Wassup! Welcome to the mail shredder.

benjithegreat98 · 12-22-2003, 08:07 AM

I have attempted to telnet and I get nothing, no connection. I've tried remotely and locally and I get zilch. I will try the REJECT command however.

DavidPhillips · 12-22-2003, 10:19 PM

What do you have in your ruleset for tcp

moonloader · 12-23-2003, 06:44 AM

I think you're using portsentry,because portsentry opens or filters by default.if you don't want those ports opens or filters just try to configure portsentry didn't help just uninstall portsentry and all ports will be closed those portsentry opens or filters by default.open ports intrest sure the intruder or scanner usuall they would like to know what runs on that port?mostly trojan seekers or port flooders,but if a port closed or stealth from outside then it won't be attacked!

benjithegreat98 · 12-23-2003, 08:12 AM

I don't have the computer in front of me but basically if the connection is not ESTABLISHED then I tell it to reject. I am on a cable connection and I had the crazy idea that the cable modem provided by Charter would have open ports on it.... Like to send back a report to Charter or something of that nature. This is a computer I'm trying to turn into a router so I've only been testing eth0 (external port) I'm going to scan my eth1 and see what it turns up. If eth0 has ports 21 and 25 closed then I'll pretend they are really closed.

Does that sound crazy to anybody?