blabub
10.07.07, 14:09
Hello
I get strange output from my PC when I scan it.
By default all ports are blocked, except the ones I open.
Scan command:
nmap -sT -sR -sV -O -p- -PI -PT xx.xx.xx.xx
Nmap still shows open ports:
PORT STATE SERVICE VERSION
1720/tcp filtered H.323/Q.931
1723/tcp filtered pptp
4662/tcp filtered edonkey
6667/tcp filtered irc
Device type: general purpose
Running: Apple Mac OS 8.X, Compaq Tru64 UNIX 5.X, Linux 2.4.X|2.5.X|2.6.X, Microsoft Windows Longhorn, Microsoft Windows
Too many fingerprints match this host to give specific OS details
Network Distance: 10 hops
I have now also added the following lines to iptables:
iptables -A INPUT -p tcp --dport 4662 -j DROP
iptables -A INPUT -p tcp --dport 6667 -j DROP
iptables -A INPUT -p tcp --dport 1723 -j DROP
But the scan gave the same result again.
iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:4662
DROP tcp -- anywhere anywhere tcp dpt:ircd
DROP tcp -- anywhere anywhere tcp dpt:1723
LOG 0 -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `INPUT INVALID '
DROP 0 -- anywhere anywhere state INVALID
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
MY_DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
MY_DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
MY_DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:58891
MY_REJECT 0 -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
LOG 0 -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `OUTPUT INVALID '
DROP 0 -- anywhere anywhere state INVALID
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED
MY_REJECT 0 -- anywhere anywhere
Chain MY_DROP (7 references)
target prot opt source destination
LOG 0 -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `PORTSCAN DROP '
DROP 0 -- anywhere anywhere
Chain MY_REJECT (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT TCP '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
LOG udp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT UDP '
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
LOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `DROP ICMP '
DROP icmp -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT OTHER '
REJECT 0 -- anywhere anywhere reject-with icmp-proto-unreachable
Is there a bug in Nmap, or have I done something wrong?
Regards
blabub
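Added example, not part of the original post: a first-match walk of the posted INPUT chain for an inbound TCP packet, with the usual reading of what a connect scan then reports (no reply = filtered, RST = closed). The rule table is transcribed from the listing above; treating the unconditional ACCEPT rule as interface-bound (for example loopback) is an assumption, because plain `iptables --list` does not print interfaces, and the function names are hypothetical.

```python
ALL = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}

# (target, dport, conntrack states, (flag mask, flags that must be set), lo_only)
# LOG rules are non-terminating and therefore left out.
INPUT_CHAIN = [
    ("DROP",      4662,  None, None, False),
    ("DROP",      6667,  None, None, False),   # listed as dpt:ircd
    ("DROP",      1723,  None, None, False),
    ("DROP",      None,  {"INVALID"}, None, False),
    ("MY_DROP",   None,  None, (ALL, set()), False),
    ("MY_DROP",   None,  None, ({"FIN", "SYN"}, {"FIN", "SYN"}), False),
    ("MY_DROP",   None,  None, ({"SYN", "RST"}, {"SYN", "RST"}), False),
    ("MY_DROP",   None,  None, ({"FIN", "RST"}, {"FIN", "RST"}), False),
    ("MY_DROP",   None,  None, ({"FIN", "ACK"}, {"FIN"}), False),
    ("MY_DROP",   None,  None, ({"PSH", "ACK"}, {"PSH"}), False),
    ("MY_DROP",   None,  None, ({"ACK", "URG"}, {"URG"}), False),
    ("ACCEPT",    None,  None, None, True),    # assumption: loopback only
    ("ACCEPT",    None,  {"RELATED", "ESTABLISHED"}, None, False),
    ("ACCEPT",    58891, {"NEW"}, None, False),
    ("MY_REJECT", None,  None, None, False),
]

# What a TCP connect scan observes for each terminating target.
OBSERVED = {
    "DROP": "filtered",      # packet silently discarded, scanner times out
    "MY_DROP": "filtered",
    "MY_REJECT": "closed",   # REJECT --reject-with tcp-reset answers with RST
    "ACCEPT": "open or closed (decided by the local TCP stack)",
}

def verdict(dport, flags=frozenset({"SYN"}), state="NEW", from_lo=False):
    """Return the first terminating target that matches the packet."""
    for target, rule_port, states, tcp_flags, lo_only in INPUT_CHAIN:
        if lo_only and not from_lo:
            continue
        if rule_port is not None and rule_port != dport:
            continue
        if states is not None and state not in states:
            continue
        if tcp_flags is not None and (flags & tcp_flags[0]) != tcp_flags[1]:
            continue
        return target
    return "DROP"  # chain policy

def expected_scan_state(dport):
    return OBSERVED[verdict(dport)]

if __name__ == "__main__":
    for port in (1720, 1723, 4662, 6667, 58891, 80):
        print(port, verdict(port), expected_scan_state(port))
```

`iptables -L -n -v` or `iptables -S` prints the interface matches that the plain listing hides, which removes the need for the loopback assumption.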