Hi
I tried the following ...
--- on one host, say 192.168.168.192 ---
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
from another host
#nmap -sO -P0 192.168.168.192
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-25 08:34 IST
Interesting protocols on 192.168.168.192:
PROTOCOL STATE SERVICE
0 open hopopt
1 open icmp
2 open igmp
3 open ggp
4 open ip
5 open st
6 open tcp
7 open cbt
8 open egp
9 open igp
10 open bbn-rcc-mon
11 open nvp-ii
12 open pup
13 open argus
14 open emcon
15 open xnet
16 open chaos
17 open udp
18 open mux
19 open dcn-meas
20 open hmp
21 open prm
22 open xns-idp
23 open trunk-1
24 open trunk-2
25 open leaf-1
26 open leaf-2
27 open rdp
28 open irtp
29 open iso-tp4
30 open netblt
31 open mfe-nsp
32 open merit-inp
33 open sep
34 open 3pc
35 open idpr
36 open xtp
37 open ddp
38 open idpr-cmtp
39 open tp++
40 open il
41 open ipv6
42 open sdrp
<rest snipped>
Is there even a remote chance that these could get exploited? If they can, how can it be thwarted?
If an attack (if possible) is directed towards the upper layers (of the OSI stack), would/wouldn't the iptables rules block them?
Am I being too paranoid? ... Perhaps ...