Re: Setting up a firewall with dynamic IPs

Matthew Dillon Tue, 13 Jul 1999 19:09:41 -0700 (PDT) (envelope-from dillon@apollo.backplane.com)

:Thanks for every one's help - I now have it working nicely. It's amazing what 
:you discover when RTFMing. Oddly enough, running nmap with the Christmas tree 
:scan (after I've allowed only smtp & ssh to be connected to) gives the 
:following -
:
:# ./nmap -v -v -sX foo
:
:Starting nmap V. 2.12 by Fyodor (fyo...@dhp.com, www.insecure.org/nmap/)
:Host foo.bar.com (123.45.67.89) appears to be up ... good.
:Initiating FIN,NULL, UDP, or Xmas stealth scan against foo.bar.com 
:(123.45.67.89)
:The UDP or stealth FIN/NULL/XMAS scan took 64 seconds to scan 1483 ports.
:Interesting ports on foo.bar.com (123.45.67.89):
:Port    State       Protocol  Service
:13      open        tcp        daytime         
:21      open        tcp        ftp             
:22      open        tcp        ssh             
:23      open        tcp        telnet          
:25      open        tcp        smtp            
:37      open        tcp        time            
:53      open        tcp        domain          
:80      open        tcp        http            
:111     open        tcp        sunrpc          
:119     open        tcp        nntp            
:513     open        tcp        login           
:514     open        tcp        shell           
:1017    open        tcp        unknown         
:1018    open        tcp        unknown         
:1019    open        tcp        unknown         
:1020    open        tcp        unknown         
:1021    open        tcp        unknown         
:1022    open        tcp        unknown         
:1023    open        tcp        unknown         
:2049    open        tcp        nfs             
:
:Nmap run completed -- 1 IP address (1 host up) scanned in 64 seconds
:
:Any attempt to connect to the ports listed above (apart from ssh & smtp) just 
:hangs. I take it that this is expected behaiviour of the firewall accepting 
:the connection and then ahnging onto it in order to slow attackers down?
:
:       Stephen


    Usually if a connection succeeds the firewall isn't stopping it
    at all.  How is nmap figuring out the service type?  I assume by
    making a connection and probing it.

    Here is what I get when I run nmap from inside my firewall

    # ./nmap -v -v -sX apollo.backplane.com

Port    State       Protocol  Service
13      open        tcp        daytime         
22      open        tcp        ssh             
25      open        tcp        smtp            
37      open        tcp        time            
53      open        tcp        domain          
79      open        tcp        finger          
80      open        tcp        http            
110     open        tcp        pop3            
111     open        tcp        sunrpc          
113     open        tcp        auth            
480     open        tcp        loadsrv         
515     open        tcp        printer         
1022    open        tcp        unknown         
1023    open        tcp        unknown         
2049    open        tcp        shilp           <--- huh? that's nfs

    And from outside my firewall

Port    State       Protocol  Service
22      open        tcp        ssh             
25      open        tcp        smtp            
53      open        tcp        domain          
79      open        tcp        finger          
80      open        tcp        http            
110     open        tcp        pop3            
113     open        tcp        auth            

                                        -Matt
                                        Matthew Dillon 
                                        <dil...@backplane.com>



To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message

Re: Setting up a firewall with dynamic IPs

Reply via email to