Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 Jul 1999 09:16:56 +0800
From:      Stephen Hocking-Senior Programmer PGS Tensor Perth <shocking@prth.pgs.com>
To:        hackers@freebsd.org
Cc:        shocking@bandicoot.prth.tensor.pgs.com
Subject:   Re: Setting up a firewall with dynamic IPs 
Message-ID:  <199907140116.JAA15266@ariadne.tensor.pgs.com>
In-Reply-To: Your message of "Tue, 13 Jul 1999 10:55:11 MST." <bulk.37120.19990713105511@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thanks for every one's help - I now have it working nicely. It's amazing what 
you discover when RTFMing. Oddly enough, running nmap with the Christmas tree 
scan (after I've allowed only smtp & ssh to be connected to) gives the 
following -

# ./nmap -v -v -sX foo

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host foo.bar.com (123.45.67.89) appears to be up ... good.
Initiating FIN,NULL, UDP, or Xmas stealth scan against foo.bar.com 
(123.45.67.89)
The UDP or stealth FIN/NULL/XMAS scan took 64 seconds to scan 1483 ports.
Interesting ports on foo.bar.com (123.45.67.89):
Port    State       Protocol  Service
13      open        tcp        daytime         
21      open        tcp        ftp             
22      open        tcp        ssh             
23      open        tcp        telnet          
25      open        tcp        smtp            
37      open        tcp        time            
53      open        tcp        domain          
80      open        tcp        http            
111     open        tcp        sunrpc          
119     open        tcp        nntp            
513     open        tcp        login           
514     open        tcp        shell           
1017    open        tcp        unknown         
1018    open        tcp        unknown         
1019    open        tcp        unknown         
1020    open        tcp        unknown         
1021    open        tcp        unknown         
1022    open        tcp        unknown         
1023    open        tcp        unknown         
2049    open        tcp        nfs             

Nmap run completed -- 1 IP address (1 host up) scanned in 64 seconds

Any attempt to connect to the ports listed above (apart from ssh & smtp) just 
hangs. I take it that this is expected behaiviour of the firewall accepting 
the connection and then ahnging onto it in order to slow attackers down?


	Stephen
-- 
  The views expressed above are not those of PGS Tensor.

    "We've heard that a million monkeys at a million keyboards could produce
     the Complete Works of Shakespeare; now, thanks to the Internet, we know
     this is not true."            Robert Wilensky, University of California




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907140116.JAA15266>