i have a problem with iptables when i use nmap to scan ports then ports shown.this is my rules on my firewall.Quote:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1002:40080]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
[Code]...
Since I no longer have access to a spare machine to actually test this out on, I was hoping some kind soul might know the answer, or be willing to try it out for me. I'm trying to find out if the port scanner nmap can detect two different services which are sharing a single port. For instance, if I'd managed to set up, I dunno, a web server and an ftp server to both run over the same port, would nmap with version detection be able to detect both of them, or just one?
View 7 Replies View RelatedStrange issue here when trying to verify firewall on Server 8.04. No ftp service running at all on server, but both nmap and netcat report port 21 as being open, even though it isn't.I am 100% sure that port 21 is not actually accessible and iptables rules are fine. Trying to connect to the port fails, yet nmap and netcat seem to report a "false positive"?Have also checked on a number of other servers I'm running, and this "false positive" seems to apply to all of them.
View 1 Replies View RelatedIf you have been trying to compile & install the new NMAP 5.20 scanning utility as a 64 bit user, you may have run into some issues as I did...The compiler will halt when you attempt to 'make', saying that you need to recompile using -fPIC.The fix: "./configure CXXFLAGS=-fPIC CFLAGS=-fPIC LPFLAGS=-fPIC"then rerun "make".I hope this helps someone, as it took me way longer than it should have to get this going. Enjoy the new versions as it is supposed to have 10,000 updated OS detection signatures and new scripts!
View 2 Replies View Relatedwhen I nmap -sV domain I can see my chrooted apache2 banner how can I do not even show the banner even if is chrooted.
View 1 Replies View RelatedA scan on my computer reported as up many local ips which simply does not exist in my network. This host is supposed to have ip 192.168.0.4, but all other ip should not be there. I have a USB modem connected to a Linux box, connected itselfs to a wifi linksys router and thats it.
# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.
[Code]...
Are there any possible options to archive this w/ the 2.6.34 kernel? I know windows can do this w/ a button and BSD can drop packets when connected to closed ports...is IP personality usable in 2.6? Do I need work-arounds? any more options??Currently I've managed to @%#$ my OS fingerprints so results won't show as Linux.4/2.6...etc, but the problem is.. instead it's got the word "Redhat" in it (which is well... worse... because now.. if someone looks at my machine he/she'll know I am on either RHEL/Fedora )
View 14 Replies View RelatedI wouldn't call myself paranoid, but I do try to keep reasonably secure on my home network (WPA encryption, router firewall, etc.). I also occasionally use nmap to make sure I don't see any unknown computers logged into my network. The problem is I have five computers that all use DHCP on the network and they are not all up all of the time. At most, there are two to three online at any one time.
So, my question is: Do any of the IP addresses remain in the router's database for a computer that has gone offline (shutdown)?
The reason for my question is that today I ran nmap on my home network and noted an IP address that was not currently up on the network. It is, however, an address that is frequently assigned to one of the computers when it is online, but that address was not up at the time I ran nmap. Just trying to make sure my network is not being used by some nearby computer.
I am trying to understand why when running nmap against a SonicWALL firewall at a remote location, the SonicWall firewall is saying that most of its 65535 ports are open? I know this cant be correct and remember reading about how some of these network appliances are setup this way to thwart off attacks.
View 7 Replies View RelatedI would like to detect every login on my server. Not only ssh logins (virtual terminals) but also physical logins.There is a way to use nagios or a script to watch log files.But I would like to know is there a way to catch that information one step before.I thought about watching /dev/pts for changes but that is not different than log watching and everything does not appear in /dev/pts like a ssh tunnel (ssh -N user@server). These are only visible in logs because ssh tunnels do not open terminals.But I would like to be able to catch these on login.
View 8 Replies View RelatedI have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module
modprobe ip_conntrack
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.
My resolv.conf file lists:
nameserver 127.0.0.1
nameserver DNS-server
Im pulling my hair out trying to get ftp to work through iptables.Im using vsftpd
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
I have a problem with iptables, when I execute
[code]....
I am trying to figure out how I can configure IPtables to only allow VNC traffic to an internal server over SSH.
My configuration is WAN < --- > Gateway (Ubuntu 9.10 Server) < --- > Internal Server (that I want to control with VNC over SSH)
I am using Fedora on my desktop pc. I want to know how can i protact my PC from outside world. What firewall policy should i implement in iptables to keep it more secure.
View 5 Replies View RelatedI'm following an openvpn installtion how to and it says to add this to the iptables:
Quote:
# External Interface for VPN
# VPN Interface
VPNIF="tun0"
VPNNET="172.16.0.0/24"
VPNIP="172.16.0.1"
### OpenVPN
[Code]....
Any thoughts as the whole formatting is separate and has the addition of FORWARD rules, etc. I need the VPN running on the .199 address
i set up a dmz to have a internet web server and ftp server, and ssh only from local network, so i wrote a iptables script to load during boot :
[Code]...
The problem is that everything works fine ( i have the same rules for other services such as samba, nfs, mysql on another server) BUT ftp there is no way to make it work. not even locally.when i try to connect, i log in, but while listing the directory i get MLSD ... and it hangs like this for a moment, then i get error message "connection time out" , "impossible to list directory". if i turn off the iptables script no problem,ftp works fine.. but why all services work and ftp no?
how do i have to modify the rules? what is strange also is that if i set as OUTPUT policy "accept", the server seems to be offline."host unknown" error message. I was thinking the rule INPUT is fine cause at least i can login, but the dir list is not going out, so gotta modify output rules. or state?
I've started a new job and have inherited a couple of RHEL4 64-bit servers. The firewall on them is currently disabled. I'm struggling to get them up and running as iptables is not the most user-friendly application. This lead me to downloading and trying a GUI front-end: Guarddog. Great app! But it doesn't have the default behavior I'm looking for. Here is what I need:
Default behavior: Firewall should be wide open, allowing ALL ports/IP's/TCP/UDP in and out of the server.
Blacklist: Oracle TCP port 1521 needs to be blocked in/out of the server.
This will help get us passed our company's security vulnerability scan. (We aren't able to patch/upgrade Oracle at this time because we'd lose vedor support with a legacy app). I will use these settings as a starting point, and then once I learn more and get more comfortable with iptables (or a GUI app) then I can fine tune things to make them more secure. As far as I know (correct me if I'm wrong) once I get a script I just copy it into /etc/rc.firewall and it will load when iptables starts.
Is this how I would do that?
iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP
This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.
In the past i used OpenSUSE for a few months, in OpenSUSE all updates related to security labeled as "Security Update" like updates related to Firefox, unlike OpenSUSE in the Debian i did can't find a way to detect security updates.
View 5 Replies View RelatedWhat i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.
View 2 Replies View Relatedi ran this
Code:
iptables -N rate-limit
iptables -A rate-limit -p tcp -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 3 -j RETURN
iptables -A rate-limit -j DROP
iptables -I INPUT 1 -p tcp --dport 22 -j rate-limit
i am no longer able to ssh in to the machine , how can i reset iptables and firestarted back to default?
i need to open this address ftp.nai.com, is there a way to use address not ip in iptables?
View 7 Replies View RelatedI've recently moved from Firestarter to UFW/GUFW, and I wonder if someone could confirm if my iptables configuration is secure.
When I enter sudo iptables -L i get:
Code:
eth1 has connection to the net via gateway ..eth0 on the same machine has users on a intranet and needs access to the internet, i need to allow internet connection and prevent packets which logically originate from the internet getting into the intranet
View 1 Replies View RelatedInstalling a router, and I need to completely "wipe" iptables (flush I mean) on both computers, and I think I run ufw/gufw on both, so that would need to be uninstalled. The router is very secure, has NAT, etc, etc, and I'd rather setup all that side of things in one point, rather than on each computer.
View 2 Replies View RelatedCan I have both ufw and iptables running together? My server is currently using ufw, if I add an iptables rule will it have any effect?
View 6 Replies View RelatedI new in Linux, I have a Centos5 since sunday and well I have to configure the iptables security of this cpu, I read a lot of examples of iptables in the internet and also another Thread from here but Really a don't know what to do, I saw lots of codes but first of all I don't know where I have to write that and my teacher don't want to help me in this homework. I tried to write the codes in applications --> accessories --> Terminal
View 3 Replies View RelatedAfter discovering that the firewall was wide open I decided to finally study the iptables docs and learn how to add rules. Now, I've not yet finished reading guides and documentation but I'd like some advice before I set the default policy on the input chain to deny. I have added a permissive rule for the loopback adapter so that programs that use it do not become mute suddenly. I will also use netstat to see what ports to open for each program that connects to the internet. I'm not that interested in what ports to open but how to find what ports to open.
View 3 Replies View RelatedWe do NOT support samba on our Unbuntu servers but still zillions of windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.
View 4 Replies View Related