Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
One more small doubt.We have created a new chain and appended rules to it. When i used nmap port scanner i found the ports 135,137, 138, 139 and 445 ports STATE is filtered. But for ssh and others is open. How to do it in other machine?
One more small doubt.We have created a new chain and appended rules to it. When i used nmap port scanner i found the ports 135,137, 138, 139 and 445 ports STATE is filtered. But for ssh and others is open. How to do it in other machine?
That's because those are the only ports you are filtering. You have no rules to filter packets for any other ports. So any other port that has something listening on it will show up as open. I'm not sure I understand your question about the "other machine".
$ sudo /sbin/iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 14393 packets, 1293K bytes)
num pkts bytes target prot opt in out source destination
1 20 1652 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 17408 1706K LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'
3 8 400 SAMBA_CLIENTS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
4 8 400 SAMBA_CLIENTS udp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
5 8 400 SAMBA_CLIENTS udp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
6 27 1360 SAMBA_CLIENTS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
7 2964 411K SAMBA_CLIENTS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 LOG all -- * eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'
2 0 0 LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'
3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
5 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
6 0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 11538 packets, 1483K bytes)
num pkts bytes target prot opt in out source destination
1 20 1652 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
2 11538 1483K LOG all -- * eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'
Chain SAMBA_CLIENTS (5 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * * 192.168.0.7 0.0.0.0/0
2 2661 367K ACCEPT all -- * * 192.168.0.10 0.0.0.0/0
3 271 41786 ACCEPT all -- * * 192.168.0.207 0.0.0.0/0
4 83 4621 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
When i used nmap this is the result.
Code:
$ sudo nmap 192.168.0.88
Starting Nmap 4.20 ( http://insecure.org ) at 2008-09-29 14:36 IST
Interesting ports on localhost.localdomain (192.168.0.88):
Not shown: 1674 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
143/tcp open imap
445/tcp filtered microsoft-ds
697/tcp open unknown
730/tcp open netviewdm2
866/tcp open unknown
993/tcp open imaps
995/tcp open pop3s
2049/tcp open nfs
3306/tcp open mysql
8080/tcp open http-proxy
9090/tcp open zeus-admin
10000/tcp open snet-sensor-mgmt
Nmap finished: 1 IP address (1 host up) scanned in 2.609 seconds
$ sudo nmap 192.168.0.28
Starting Nmap 4.20 ( http://insecure.org ) at 2008-09-29 15:10 IST
Interesting ports on localhost.localdomain (192.168.0.28):
Not shown: 1685 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
443/tcp open https
768/tcp open unknown
1241/tcp open nessus
3306/tcp open mysql
5900/tcp open vnc
10000/tcp open snet-sensor-mgmt
How do i get "filter" for the ssh, telnet ports? Either for 88 or 28 ips.
Last edited by bkcreddy17; 09-29-2008 at 05:17 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
