LinuxQuestions.org
Old 02-17-2014, 06:29 AM   #16
welshdemon
LQ Newbie
 
Registered: Oct 2009
Posts: 13

Original Poster
Rep: Reputation: 0

It's a dedicated server.

Even if those services were running, why when all ports are set to DROP, are they showing as open? To me this means a defective firewall, surely?

I am more concerned with why the rule isn't working so I can learn about iptables and WTF is going on, as opposed to just stopping services.

Any packets to those ports should be dropped at network level with no response whatsoever, showing nothing is even there, am I not correct in this assumption?


I HAVE NOT opened those ports. This is an example of my ruleset. Only port 80 should respond, surely? I don't understand. Is the port scanner an "established" connection and therefore being accepted? WTF is going on?


-P OUTPUT ACCEPT
-P INPUT DROP

-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
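
Added example, not part of any post in this thread: a simplified Python model of first-match evaluation over the ruleset quoted in post #16. It shows that a scanner's first SYN (conntrack state NEW) does not match the ESTABLISHED,RELATED rule, so only port 80 is accepted. The interface name eth0 and the probed port list are assumptions, and only the match options that appear in the post are modelled.

```python
import shlex

# Rule lines from post #16 (iptables-save style).
RULESET = """\
-P OUTPUT ACCEPT
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
"""

def parse(ruleset):
    """Return (policies, rules): chain policies and ordered rules per chain."""
    policies, rules = {}, {}
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":
            # Remaining tokens are option/value pairs, e.g. "--dport 80".
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def matches(opts, pkt):
    """True if every match option in the rule agrees with the packet."""
    if "-i" in opts and opts["-i"] != pkt["iface"]:
        return False
    if "-p" in opts and opts["-p"] != pkt["proto"]:
        return False
    if "--dport" in opts and int(opts["--dport"]) != pkt["dport"]:
        return False
    if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
        return False
    return True

def verdict(ruleset, pkt, chain="INPUT"):
    """The first matching rule decides; otherwise the chain policy applies."""
    policies, rules = parse(ruleset)
    for opts in rules.get(chain, []):
        if matches(opts, pkt):
            return opts["-j"]
    return policies[chain]

def probe(dport, state="NEW", iface="eth0"):
    # Assumption: the scan arrives on eth0. A first SYN has no conntrack entry, so NEW.
    return {"iface": iface, "proto": "tcp", "dport": dport, "state": state}

def open_ports(ruleset, ports):
    """Ports (constructed sample list) whose NEW inbound probe would be accepted."""
    return [p for p in ports if verdict(ruleset, probe(p)) == "ACCEPT"]
```
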
 
Old 02-17-2014, 06:42 AM   #17
welshdemon
LQ Newbie
 
Registered: Oct 2009
Posts: 13

Original Poster
Rep: Reputation: 0
OK, I'm starting to think it's a problem with the port scanner. For the record, I was using Superscan 4.1, which always served me well in the olden days before nmap was released on Windows.

Don't worry about it. nmap only shows port 80....

Thanks.

Last edited by welshdemon; 02-17-2014 at 06:44 AM.
 
Old 02-17-2014, 07:08 AM   #18
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 6.5
Posts: 484

Rep: Reputation: 85
I assumed VPS since you stated that earlier. VPS vs. dedicated server are two different things.

If it was a VPS running on a shared IP, other services on different clients could have triggered those ports open if you did a scan on the IP.

Glad you got it sorted though. Always double check with different tools.

Last edited by ericson007; 02-17-2014 at 07:10 AM.
 
Old 02-17-2014, 07:30 AM   #19
yzT!
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 163

Rep: Reputation: 2
Quote:
Originally Posted by welshdemon
OK, I'm starting to think it's a problem with the port scanner. For the record, I was using Superscan 4.1, which always served me well in the olden days before nmap was released on Windows.

Don't worry about it. nmap only shows port 80....

Thanks.
I was assuming you were using either nmap or netcat... xd
 
  


All times are GMT -5.
