similar to: Open UDP ports

Hi, I have shorewall version 1.4.10g on Redhat 9 Local clients are on eth1 in subnet 192.168.3.0/24. eth0 is for the outside (over xdsl with includes a ppp0 interface). Nessus (nessusd) is installed *on the firewall* and managed trough nessus (the client or frontend) running on one of the internal machines. When I was running a scan against 194.152.181.36 I observed several entries like

Hi I am using a small script that monitors my webservers from inside. If it does not find the test page on the primary webserver it flips DNAT to point to the hot backup webserver. This is the command that it uses: iptables -t nat -D PREROUTING -i eth0 -p tcp -d 65.211.35.209 -j DNAT --to 192.168.1.151 iptables -t nat -A PREROUTING -i eth0 -p tcp -d 65.211.35.209 -j DNAT --to 192.168.1.30

Hi, Is it possible to block the port scanning through shorewall, if yes then how? Thanks and Best Regards, Arif

Good morning/day/night to all! After moving all my infrastructure to Debian9, changed my ADDC from Win2K12 to Samba4 scanning my network I found the following: -------------------------------------------------------------------------------------------------------------------------------- koratsuki at happyharry:~$ nmap --script smb-vuln-ms08-067.nse -p445 smb-addc.tld Starting Nmap 7.50 (

Hello all, I’m running Shorewall 2.2.1 on linux kernel 2.6.10 with iptables 1.2.11. I recently ran a nessus scan of my firewall from a machine outside of the firewall and the nessus report told me that there are some ports open that I did not specify to be open. The ports are 32772/udp, 123/udp, 111/tcp, 32772/udp, and 53/udp. Why are these ports open when I did NOT specify them to be open

Dear All, Can anyone recommend a scanner that works well on 4.8. Thanks in advance, Regards, Dave -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20030906/4c29ef0a/attachment.bin

Greetings, Yet another strange pattern of traffic is being halted at the shorewall firewall, but I have no idea what this is. IANA shows the ports unassigned, and a net search yields only some of the same questions - what is this port? There are two machines as SOURCE, on the same class C network, adjacent, even, sending one connect attempt to TCP port 32230 every five minutes. I''m

Hi, I admit I never gave security that much thought, that is, except the most basic security rules like choosing good passwords, or reasonable file and directory permissions. But now I have to change that, since I'll soon have to setup a dedicated production server for our public libraries. I wonder where to begin. I would say first thing is get a series of "auditing" tools

I came across a problem when one of our clients was not able to access any of the servers on our network. This person has never connected to us before and now for this first time was trying to do it from his home is Houston, TX using earthlink cable service provided by Time Warner. All this information, I think, is important because when I started examining my shorewall logs I found out

I''m showing some wierd open ports, considering I only have two allow rules: AllowSSH & AllowAuth neverneverland:/# nmap localhost Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-17 23:49 CDT Interesting ports on neverneverland (127.0.0.1): (The 1656 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 9/tcp open discard 13/tcp open

I'm trying to get nessus setup for doing some internal security checking. I installed the ports for nessus and nessus-plugins, and everything worked as expected. I then registered for the full feed of plugins, which got me up to over 10,000 plugins. I restarted nessus, and it didn't work at all. I am running without X11, so I'm doing batch runs. I already have nmap installed, so I

Hello, I have used socketConnection to connect to a TCP server. I havent figured out a way to do the same with a UDP server. i.e I have a server listening on 9000, communicating via UDP. I would like to , from R, send packets to this server, This does not work u <- socketConnection('localhost',9000) Error in socketConnection("localhost", 9000, blocking = F) : cannot open

https://bugzilla.netfilter.org/show_bug.cgi?id=870 Summary: Iptables cannot block outbound packets sent by Nessus Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org

Hi boys & girls : Probably my Subject is crazy, but due I haven''t tryed this, I prefer to ask. Is it possible to run snort in a fw box (using shorewall, of course). Your feedback will be very well appreciate. Thanks Benito.-

Hello, I would like to have some advices about security, securing asterisk server Already : - configured asterisk to run as 'non-root' user (http://www.voip-info.org/tiki-index.php?page=Asterisk+non-root) - fw config (http://www.voip-info.org/tiki-index.php?page=Asterisk+firewall+rules) Would like to know what are the things I have to be carefull with -

I have a fedora 3 with postfix and apache apache is ok, webmin is fine, etc no 25 or 110 ? kevin Jan 4 15:47:13 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33 :e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33681 PROTO=TCP SPT=57621 DPT=25 WINDOW=2048 RES=0x00 SYN U RGP=0 Jan 4 15:47:20 ibm kernel:

Hi all Is it possible to just forward port to local computer but not give open access for that port? If I''ve understood right that this rule does give ACCESS from net to loc too: DNAT net loc:192.168.1.5 udp 7777 What I''m trying to say is that it would work so that everything that''s coming from net to that local computers port is DROPed or REJECTed if it''s

Hi, Is there any way to automatically block all traffic from IP''s that try more than X number of blocked ports for a preset amount of time? The log I get every morning seems to be getting bigger and bigger with port scans and attempts to access various services, it would be nice if these IP''s could be automatically blocked for like a week or two.. I wouldn''t want

When searching in google I could verify that many examples of used rules in shorewall do not exist to block port scanners external. Example: nmap. Somebody has some rule or example ? thanks.

------- BEGIN FORWARDED MESSAGE ------- From: g.pardon@pi.be To: teastep@shorewall.net Cc: Subject: Re: [Shorewall-users] Open ports How am I testing this? I''m doing a portscan using a portscanner like GFI Languard, Superscanner and nmap to check. Those two TCP-ports always showed up. Although, I think there are other to test it. I read the FAQ and the phenomenon (where is that