LinuxQuestions.org - New installation of a VPS with Slackware: Strange filtered ports

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - New installation of a VPS with Slackware: Strange filtered ports (https://www.linuxquestions.org/questions/linux-security-4/new-installation-of-a-vps-with-slackware-strange-filtered-ports-360639/)

fax8	09-06-2005 04:24 AM

New installation of a VPS with Slackware: Strange filtered ports

Hi

Some days ago I activated a virtual private server with Slackware 9.1 for using
as a webserver for some of my websites.

After installation I did a nmap on the server and this was the output:
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
113/tcp open auth
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
4444/tcp filtered krb524
10000/tcp open snet-sensor-mgmt

I don't know what the filtered ports are becouse I don't
think I have programs that are using them and I still didn't
configure my iptables firewall.

I'm afraid this could be a sort of backdoor opened by some
malignous..

What do you guys think about this?

note: If I set up a firewall with iptables wich bloks the filtered port
nmap doesn't report them.

sin	09-06-2005 09:36 AM

is your machine directly connected to the the net or are you sitting behind some kind of router ?

i get somthing similar when scanning my external system from work

22/tcp open ssh
80/tcp open http
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds

i am not using samba on this system, however i belive it has somthing to do with my broadband router and its nasty build in fw :)

fax8	09-07-2005 04:13 PM

The VPS is behind a router at my ISP.

Also me was thinking about a firewall/router doing something
beetwen me and my VPS.

The strange thing is that now I set up iptables and
the strange ports aren't reported:

Code:

(The 1655 ports scanned but not shown below are in state: filtered)

PORT      STATE  SERVICE

21/tcp    open  ftp

22/tcp    open  ssh

25/tcp    open  smtp

53/tcp    open  domain

80/tcp    open  http

110/tcp  closed pop3

113/tcp  closed auth

10000/tcp open  snet-sensor-mgmt



Nmap finished: 1 IP address (1 host up) scanned in 176.875 seconds

This line is letting me thinking:
(The 1655 ports scanned but not shown below are in state: filtered)
maybe ports
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap

are not reported in nmap reports becouse now that iptable is up
all the ports are filtered so no more interesting

What do you think about???

Thanks

sin	09-08-2005 02:56 AM

could be, are you using DROP or REJECT ?

fax8	09-08-2005 04:28 PM

both of them.

I'm using kiss a firewall script

http://www.geocities.com/steve93138/
http://www.geocities.com/steve93138/kiss.txt

fax8	09-10-2005 09:13 AM

what do you think about?

All times are GMT -5. The time now is 03:32 PM.