Tom Eastep
2002-Mar-01 21:28 UTC
[Shorewall-users] strange UDP scan results on a Shorewall firewall
nmap reports "no response" as "open" for UDP -- (Ref: the nmap man page).

-Tom
--
Tom Eastep \ Shorewall -- iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

> -----Original Message-----
> From: shorewall-users-admin@shorewall.net
> [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Scott Duncan
> Sent: Saturday, March 02, 2002 1:23 AM
> To: Shorewall-users@shorewall.net
> Subject: [Shorewall-users] strange UDP scan results on a Shorewall firewall
>
> I got a surprise when I did a scan for UDP ports (using nmap) on a shorewall
> external interface. The UDP results show hundreds of ports open, including
> 161 and 162 (snmp ports). I had removed the snmp rpm previous to the scan,
> so these ports were a special surprise. Since it is most likely a
> misconfiguration somewhere, can anybody give me some hints on where I might
> have set a rule or a parameter that would cause a scan to show every UDP
> port open?
>
> Here is the config for this firewall:
>
> Redhat 7.2
> iptables 1.2.4-2
> Shorewall 1.2.5
>
> Zones:
> local
> dmz
> net
>
> TCP ports forwarded from net to dmz are 25,53,80
>
> Any clues would be appreciated!
>
> Scott
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users
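The behaviour Tom points at, shown as an added example that is not code from this thread or from Shorewall: a minimal UDP probe that classifies a port the way a scanner has to, run against three constructed local sockets. A closed port answers with an ICMP port unreachable (on a connected UDP socket the kernel surfaces it as ECONNREFUSED, so no raw sockets or root are needed); a live service answers with data; a service that swallows the datagram returns nothing at all, which is indistinguishable from a firewall DROP rule from the scanner's point of view. The nmap of 2002 labelled that silent case "open"; current versions label it "open|filtered". The loopback host, the ephemeral ports and the listener threads are constructed fixtures.

```python
"""Why a silent UDP port looks "open": classify a port from what comes back
after one datagram.  Added example, not part of the thread or of Shorewall."""
import socket
import threading

CLOSED = "closed"                    # ICMP port unreachable came back
OPEN = "open"                        # the service answered
OPEN_OR_FILTERED = "open|filtered"   # no reply: silent service or a DROP rule


def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Send one UDP datagram to host:port and classify the port.

    A connected UDP socket makes the kernel report an incoming ICMP port
    unreachable as ECONNREFUSED on the next send()/recv(), so the three
    outcomes can be told apart without raw sockets.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(payload)
        s.recv(1024)                 # any data at all means a live service
        return OPEN
    except ConnectionRefusedError:   # ICMP type 3 code 3 delivered by the kernel
        return CLOSED
    except socket.timeout:           # nothing came back within the timeout
        return OPEN_OR_FILTERED
    finally:
        s.close()


def _udp_listener(reply):
    """Constructed fixture: bind an ephemeral loopback UDP port and serve
    one datagram in a background thread, answering only if `reply` is set."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        srv.settimeout(5.0)
        try:
            data, peer = srv.recvfrom(1024)
            if reply:
                srv.sendto(b"pong", peer)
            # else: accept the datagram and stay silent, like a DROP rule
        except socket.timeout:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def _unbound_port():
    """Constructed fixture: a loopback UDP port nothing is listening on,
    found by binding an ephemeral port and releasing it again."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Probe the three fixtures and return a dict of kind -> verdict."""
    return {
        "closed": probe_udp("127.0.0.1", _unbound_port()),
        "responsive": probe_udp("127.0.0.1", _udp_listener(reply=True)),
        "silent": probe_udp("127.0.0.1", _udp_listener(reply=False)),
    }


if __name__ == "__main__":
    for kind, verdict in demo().items():
        print(f"{kind:>10}: {verdict}")
```

The practical consequence for Scott's scan: a firewall whose policy for the net zone is DROP never sends the ICMP unreachable that a scanner uses to mark a UDP port closed, so every unreached port falls into the "no reply" bucket. Rejecting instead of dropping would make the same ports show as closed, but also tells the scanner which addresses are alive, so the silent result is usually the one you want.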
Scott Duncan
2002-Mar-02 09:23 UTC
[Shorewall-users] strange UDP scan results on a Shorewall firewall
I got a surprise when I did a scan for UDP ports (using nmap) on a shorewall external interface. The UDP results show hundreds of ports open, including 161 and 162 (snmp ports). I had removed the snmp rpm previous to the scan, so these ports were a special surprise. Since it is most likely a misconfiguration somewhere, can anybody give me some hints on where I might have set a rule or a parameter that would cause a scan to show every UDP port open?

Here is the config for this firewall:

Redhat 7.2
iptables 1.2.4-2
Shorewall 1.2.5

Zones:
local
dmz
net

TCP ports forwarded from net to dmz are 25,53,80

Any clues would be appreciated!

Scott