On Wednesday 03 December 2003 10:46 pm, David F. Strauch wrote:
> Hello All,
>
> I've been working with giptables firewall and have run into a big issue.
> Although my script seems to be correct namp is finding ports 25/tcp and
> 110/tcp open. To start troubleshooting this problem I've commented
> everything out and stripped down the ruleset to just the default DROP
> policy. Yet nmap -sT -F -P0 -0 xx.xx.xx.xx still returns 25/tcp and
> 110/tcp as open!
>
> Now I'm starting to think that iptables is broken. I've built iptables with
> grsecurity-1.9.12 and iptables1.2.8 with a plain vanilla kernel 2.4.22 Is
> anyone aware of any issues?
Where are you testing from?
Is there any chance (particularly with port 25) that the requests are being
redirected to some other server, and this is what is being reported as open?
Try doing "telnet xx.xx.xx.xx 25" and see what login banner you get for the
SMTP service - does this correspond to the machine you're testing, or any
other machine you know about?
Try the same thing on port 110 and see if that login banner reveals a clue
either.
Antony.
--
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that
it was he who, by peddling second-rate technology, led them into it in the
first place.
- Douglas Adams in The Guardian, 25th August 1995
Please reply to the list;
please don't CC me.
