Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 11 Feb 2003 08:18:31 -0600
From:      Redmond Militante <r-militante@northwestern.edu>
To:        Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
Cc:        freebsd-security@freebsd.org
Subject:   Re: n00b ipf/ipnat questions
Message-ID:  <20030211141831.GB824@darkpossum>
In-Reply-To: <20030211090154.R30313-100000@cactus.fi.uba.ar>
References:  <20030211002256.GA824@darkpossum> <20030211090154.R30313-100000@cactus.fi.uba.ar>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
hi

thanks for responding
i made a few changes last night to my config, but i still see open ports when i run nmap , despite my ipf.rules.  if you like, i can post my updated config, although it's not that different...

tcp ports seem to be open.  i'm using: nmap -sS -v -O my.hostname.org
here's the results of an nmap run 


Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host my.hostname.org (129.x.x.x) appears to be up ... good.
Initiating SYN Stealth Scan against my.hostname.org (129.x.x.x)
Adding open port 32774/tcp
Adding open port 15/tcp
Adding open port 31337/tcp
Adding open port 1524/tcp
Adding open port 111/tcp
Adding open port 1/tcp
Adding open port 32771/tcp
Adding open port 79/tcp
Adding open port 54320/tcp
Adding open port 22/tcp
Adding open port 540/tcp
Adding open port 587/tcp
Adding open port 12346/tcp
Adding open port 1080/tcp
Adding open port 25/tcp
Adding open port 119/tcp
Adding open port 11/tcp
Adding open port 27665/tcp
Adding open port 6667/tcp
Adding open port 80/tcp
Adding open port 635/tcp
Adding open port 21/tcp
Adding open port 32773/tcp
Adding open port 143/tcp
Adding open port 32772/tcp
Adding open port 12345/tcp
Adding open port 2000/tcp
The SYN Stealth Scan took 157 seconds to scan 1601 ports.
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
For OSScan assuming that port 1 is open and port 35689 is closed and neither are firewalled
For OSScan assuming that port 1 is open and port 44468 is closed and neither are firewalled
For OSScan assuming that port 1 is open and port 31999 is closed and neither are firewalled
Interesting ports on herald.medill.northwestern.edu (129.105.51.6):
(The 1574 ports scanned but not shown below are in state: filtered)
Port       State       Service
1/tcp      open        tcpmux                  
11/tcp     open        systat                  
15/tcp     open        netstat                 
21/tcp     open        ftp                     
22/tcp     open        ssh                     
25/tcp     open        smtp                    
79/tcp     open        finger                  
80/tcp     open        http                    
111/tcp    open        sunrpc                  
119/tcp    open        nntp                    
143/tcp    open        imap2                   
540/tcp    open        uucp                    
587/tcp    open        submission              
635/tcp    open        unknown                 
1080/tcp   open        socks                   
1524/tcp   open        ingreslock              
2000/tcp   open        callbook                
6667/tcp   open        irc                     
12345/tcp  open        NetBus                  
12346/tcp  open        NetBus                  
27665/tcp  open        Trinoo_Master           
31337/tcp  open        Elite                   
32771/tcp  open        sometimes-rpc5          
32772/tcp  open        sometimes-rpc7          
32773/tcp  open        sometimes-rpc9          
32774/tcp  open        sometimes-rpc11         
54320/tcp  open        bo2k                    
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-portbld-freebsd4.7%D=2/11%Time=3E490979%O=1%C=-1)
TSeq(Class=TR%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)


Uptime 0.007 days (since Tue Feb 11 08:21:40 2003)
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Incremental

Nmap run completed -- 1 IP address (1 host up) scanned in 179 seconds


any advice you could give would be appreciated. 

thanks
redmond


> >
> > i've managed to get it nat'ing one machine so far, the webserver. the public
> > ip of the webserver is aliased to the external nic on the gateway machine.
> > httpd and ftp work ok behind the gateway box.  i have many questions,
> > however.  the first being why - despite the firewall rules i have in place
> > on the gateway, when i nmap the public ip of the webserver it shows me all
> > sorts of ports being open.  i can't make out from my gateway configuration
> > where this is happening.
> 
> What ports? is it TCP or UDP? UDP scanning is very prone to false positives.
> It would help if you post the nmap flags line you're using and the results,
> obsfuscate the IP if you don't want us to know it.
> 
> Another posibility is some interception/transparent proxy on your ISP.
> 
> 
> 			Fer
> 
> >
> > any advice would be appreciated
> >
> > thanks
> > redmond
> >
> 

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+SQY2FNjun16SvHYRAoxuAJwKHyfKEK1AMewDvGASHLOvO3FpEgCgqPSv
yoPwdyHSjTxhs9YjlB7PZ90=
=Hhgg
-----END PGP SIGNATURE-----
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030211141831.GB824>