Date:      Wed, 12 Feb 2003 17:55:58 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Redmond Militante <r-militante@northwestern.edu>
Cc:        freebsd-security@FreeBSD.org
Subject:   Re: n00b ipf/ipnat questions
Message-ID:  <20030212155558.GB2237@gothmog.gr>
In-Reply-To: <20030211190738.GB791@darkpossum>
References:  <20030211002256.GA824@darkpossum> <20030211090154.R30313-100000@cactus.fi.uba.ar> <20030211141831.GB824@darkpossum> <1044990692.294.26.camel@ds9.sourcefire.com> <20030211190738.GB791@darkpossum>

On 2003-02-11 13:07, Redmond Militante <r-militante@northwestern.edu> wrote:
> yeah
> the reason i didn't think that portsentry would be causing this type
> of behavior is that i'm also running it on a couple of standalone
> workstations that i have firewalled with ipfilter, and when i nmap
> these machines, it doesn't show a variety of ports being open due to
> portsentry listening on them.

That depends on what the default policy of the firewall is.

If you use a ruleset that blocks all ports and allows only certain
incoming packets, portsentry won't ever get a chance of seeing the
blocked packets.  This will not show anything to an nmap scan.

If, on the other hand, you use a ruleset that allows everything
through and only blocks certain ports or port-ranges, then portsentry
will receive a lot more packets than before.  This will show up as a
huge list of open ports in an nmap scan.

> i'm not sure why nmap would show these ports that portsentry's
> listening on being open when behind an ipf/ipnat configuration...

I'm not sure what your exact setup is (I have missed the beginning of
this thread) so I can't answer this.

- Giorgos
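
The two ruleset styles described in the message above, sketched as ipf rules. This is an added illustration, not part of the original e-mail; the interface name fxp0, the SSH service on port 22 and the blocked ports are assumptions chosen for the example.

```conf
# ipf applies the LAST matching rule, unless a rule is marked "quick",
# in which case evaluation stops at that rule.

# --- Style 1: default-deny (block everything, allow selected inbound) ---
block in all
pass in quick on lo0 all
pass out quick on lo0 all
# Outbound traffic from this host, with state so that replies are let back in.
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
# The only inbound service offered (assumed: SSH on port 22).
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
# Effect: a probe to any port portsentry is bound to falls through to
# "block in all" and is dropped before portsentry sees it, so a scan
# does not report those ports as open.

# --- Style 2: default-allow (pass everything, block selected ports) ---
pass in all
pass out all
# Assumed examples of individually blocked ports (portmapper and the X11 range).
block in quick on fxp0 proto tcp from any to any port = 111
block in quick on fxp0 proto tcp from any to any port 5999 >< 6064
# Effect: every port not named above reaches the host, so each port
# portsentry listens on completes a connection and a scan lists it as open.
```

The two styles are alternatives for one rules file, not meant to be loaded together; after loading either one, `ipfstat -io` prints the active rules so the default policy can be confirmed.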

