LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-06-2005, 04:24 AM   #1
fax8
Member
 
Registered: Jul 2004
Location: Italy
Distribution: SlackWare 10 - The Best
Posts: 72

Rep: Reputation: 15
New installation of a VPS with Slackware: Strange filtered ports


Hi

Some days ago I activated a virtual private server with Slackware 9.1 for using
as a webserver for some of my websites.

After installation I did a nmap on the server and this was the output:
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
113/tcp open auth
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
4444/tcp filtered krb524
10000/tcp open snet-sensor-mgmt

I don't know what the filtered ports are becouse I don't
think I have programs that are using them and I still didn't
configure my iptables firewall.

I'm afraid this could be a sort of backdoor opened by some
malignous..

What do you guys think about this?

note: If I set up a firewall with iptables wich bloks the filtered port
nmap doesn't report them.
 
Old 09-06-2005, 09:36 AM   #2
sin
LQ Newbie
 
Registered: Jun 2005
Location: UK
Distribution: Slackware
Posts: 28

Rep: Reputation: 15
is your machine directly connected to the the net or are you sitting behind some kind of router ?

i get somthing similar when scanning my external system from work

22/tcp open ssh
80/tcp open http
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds

i am not using samba on this system, however i belive it has somthing to do with my broadband router and its nasty build in fw
 
Old 09-07-2005, 04:13 PM   #3
fax8
Member
 
Registered: Jul 2004
Location: Italy
Distribution: SlackWare 10 - The Best
Posts: 72

Original Poster
Rep: Reputation: 15
The VPS is behind a router at my ISP.

Also me was thinking about a firewall/router doing something
beetwen me and my VPS.

The strange thing is that now I set up iptables and
the strange ports aren't reported:

Code:
(The 1655 ports scanned but not shown below are in state: filtered)
PORT      STATE  SERVICE
21/tcp    open   ftp
22/tcp    open   ssh
25/tcp    open   smtp
53/tcp    open   domain
80/tcp    open   http
110/tcp   closed pop3
113/tcp   closed auth
10000/tcp open   snet-sensor-mgmt

Nmap finished: 1 IP address (1 host up) scanned in 176.875 seconds
This line is letting me thinking:
(The 1655 ports scanned but not shown below are in state: filtered)
maybe ports
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap

are not reported in nmap reports becouse now that iptable is up
all the ports are filtered so no more interesting

What do you think about???

Thanks
 
Old 09-08-2005, 02:56 AM   #4
sin
LQ Newbie
 
Registered: Jun 2005
Location: UK
Distribution: Slackware
Posts: 28

Rep: Reputation: 15
could be, are you using DROP or REJECT ?
 
Old 09-08-2005, 04:28 PM   #5
fax8
Member
 
Registered: Jul 2004
Location: Italy
Distribution: SlackWare 10 - The Best
Posts: 72

Original Poster
Rep: Reputation: 15
both of them.

I'm using kiss a firewall script

http://www.geocities.com/steve93138/
http://www.geocities.com/steve93138/kiss.txt
 
Old 09-10-2005, 09:13 AM   #6
fax8
Member
 
Registered: Jul 2004
Location: Italy
Distribution: SlackWare 10 - The Best
Posts: 72

Original Poster
Rep: Reputation: 15
what do you think about?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Where can I download UML VPS or Xen VPS to make a virtual private server? abefroman Linux - Software 3 12-09-2005 10:00 AM
closed vs. filtered ports servnov Linux - Security 3 10-01-2005 09:03 PM
How to check if packets/ports are being filtered/blocked mfeoli Linux - Networking 1 11-05-2004 05:27 AM
Help getting my ports filtered/closed.... BmxFace Linux - Security 3 02-04-2004 11:07 AM
Strange Ports in windows 98 lub0 General 7 10-05-2003 06:59 PM


All times are GMT -5. The time now is 11:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration