Re: off-topic ports 1720 and 6000-6009 shown even though they should be filtered

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Phill wrote:
I know this isn't RHEL support, but I thought I'd ask this question anyways, see if you gurus know what might be going on. I have a rhel 5 web/ftp server. I'm using iptables to filter all ports except 21 and 80. Yet if I do an nmap of the server, this is the output I get.
-------------------------------
PORT     STATE  SERVICE
21/tcp   open   ftp
80/tcp   open   http
1720/tcp open   H.323/Q.931

FYI: http://www.packetizer.com/ipmc/h323/papers/primer/

VOIP, do you run Vonage or Skype? In any case the port is open, but nothing is listening (at the time you ran the probe).

6000/tcp closed X11
6001/tcp closed X11:1
6002/tcp closed X11:2
6003/tcp closed X11:3
6004/tcp closed X11:4
6005/tcp closed X11:5
6006/tcp closed X11:6
6007/tcp closed X11:7
6008/tcp closed X11:8
6009/tcp closed X11:9
6017/tcp closed xmail-ctrl
6050/tcp closed arcserve

I *think* this is one of those cases where the port generates a REJECT vs. DROP in iptables, meaning that instead of ignoring packets it returns a "go away" ICMP packet of some kind.

---------------------------------

Note the listening port 1720, netstat shows no service listening Should be irrelevant since the only traffic I'm accepting is port 21 and port 80, and related established. Shouldn't this output just show me port 21 and port 80 open and nothing else?

Related discussion: I wish I could return a "host unreachable" packet which made it look as if there was no computer on the net. AFAIK you can't, because the source IP is that of the host which can't be reached, and most ISPs get unhappy if you SNAT the packet to appear to come from their router. At least mine do, I tried, and one called me while the other dropped the packet.

In any case you're protected.

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux