Hi all
I have a problem with my shorewall 1.4.10c firewall:
Until someone (hackers, I think) removed it from my system, my previous
installation worked fine...
Now I restored it, but I want to be sure to reduce the possibility of being
hacked to a minimum...
If I scan my host from the internet (with Windows XP and the NetScan5 tool), I'm
getting the following open ports:
00021 FTP
00389 LDAP
01002 TCP UNKNOWN
01720 TCP UNKNOWN
I'm using Shorewall 1.4.10c and Debian 3.0 testing.
I'm also using the 2 interfaces template.
I tried to block the ports above, adding the lines beginning with DROP ...
in the rules section below,
and I commented out the net to fw rules as a precaution,
but I'm still getting the same result.
What are you using to scan the ports? Probably there is an error in the port scanner?
Thanks for helping
Greetings
Michael
I configured it as shown:
--------------------------------------------------------------------------------
Interfaces:
--------------------------------------------------------------------------------
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        detect      dhcp,routefilter,norfc1918
loc     eth0        detect
--------------------------------------------------------------------------------
Policy:
--------------------------------------------------------------------------------
#SOURCE DEST    POLICY  LOG LEVEL   LIMIT:BURST
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
--------------------------------------------------------------------------------
Rules:
--------------------------------------------------------------------------------
##############################################################################
#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL
#                               PORT    PORT(S) DEST
#
DROP    net     fw      tcp     389
DROP    net     fw      tcp     1002
DROP    net     fw      tcp     1720
DROP    net     fw      tcp     21
#
#WAKE ON LAN
#
ACCEPT  loc     loc     tcp     2304
#
#
#-MYSQL
#
ACCEPT  loc     loc     tcp     3306
ACCEPT  loc     net     tcp     3306
DROP    net     loc     tcp     3306
#
#
# Accept DNS connections from the firewall to the network
#
ACCEPT  loc     fw      tcp     53
ACCEPT  loc     fw      udp     53
ACCEPT  fw      net     tcp     53
ACCEPT  fw      net     udp     53
#ACCEPT net     fw      tcp     http
ACCEPT  loc     net     tcp     smtp
###
# Accept SSH connections from the local network for administration
#
ACCEPT  loc     fw      tcp     22
#
# Allow Ping To And From Firewall
#
ACCEPT  loc     fw      icmp    8
#ACCEPT net     fw      icmp    8
ACCEPT  fw      loc     icmp    8
ACCEPT  fw      net     icmp    8
--------------------------------------------------------------------------------
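As an added example (not from the post and not Shorewall's own code), here is a small Python model of how Shorewall 1.4 resolves a zone-to-zone packet against the files posted above: the rules file is searched first (first match wins), and only then the first matching policy line, where "all" is a wildcard. The NAMES table and the trimmed rule subset are constructed for the example; real Shorewall handles more columns than this.

```python
# Added example (not from the post or from Shorewall): a model of how
# Shorewall 1.4 resolves a packet between zones. Rules are tried first
# (first match wins); otherwise the first matching policy line applies,
# with "all" as a wildcard. NAMES and the rule subset are constructed.
NAMES = {"smtp": 25, "http": 80, "ssh": 22}  # constructed stand-in for /etc/services

# Policy file exactly as posted above.
POLICY = """\
loc net ACCEPT
fw  net ACCEPT
net all DROP   info
all all REJECT info
"""
# Subset of the posted rules (the commented-out net->fw rule stays commented out).
RULES = """\
DROP   net fw  tcp 389
DROP   net fw  tcp 1002
DROP   net fw  tcp 1720
DROP   net fw  tcp 21
ACCEPT loc net tcp 3306
DROP   net loc tcp 3306
ACCEPT loc fw  tcp 53
ACCEPT loc fw  udp 53
#ACCEPT net fw tcp http
ACCEPT loc net tcp smtp
ACCEPT loc fw  tcp 22
ACCEPT loc fw  icmp 8
"""

def _port(spec):
    """Resolve a numeric or named port (or ICMP type) to an int."""
    return int(spec) if spec.isdigit() else NAMES[spec]

def parse(text):
    """Tokenise a Shorewall-style file, dropping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def decide(src, dst, proto, port, rules=RULES, policy=POLICY):
    """Return (verdict, reason) for a packet src-zone -> dst-zone proto/port."""
    for action, rsrc, rdst, rproto, rport, *_ in parse(rules):
        if (rsrc, rdst, rproto) == (src, dst, proto) and _port(rport) == port:
            return action, "rule: %s %s %s %s %s" % (action, rsrc, rdst, rproto, rport)
    for psrc, pdst, action, *_ in parse(policy):
        if psrc in (src, "all") and pdst in (dst, "all"):
            return action, "policy: %s %s %s" % (psrc, pdst, action)
    raise ValueError("no policy covers %s -> %s" % (src, dst))
```

With these files, decide("net", "fw", "tcp", 21) returns DROP from the added rule, and decide("net", "fw", "tcp", 80) returns DROP from the "net all DROP" policy even though no rule mentions it, so the posted configuration does not expose those ports by itself; the next things to check are whether this ruleset is actually the one loaded on the box and whether the scan really traverses ppp0.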