
iptables vs. nmap

Posted: 02 Apr 2006, 06:59
by bad_brain
I was playing with my firewall config after I sniffed nmap-packets, target was to confuse the OS fingerprinting.
here's the result of my redhat home server before the firewall rules:

Starting Nmap 4.00 ( http://www.insecure.org/nmap ) at 2006-04-01 15:49 Westeuropäische Sommerzeit
Interesting ports on 169.254.246.62:
(The 1666 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
3306/tcp open  mysql
6000/tcp open  X11
MAC Address: 00:11:3B:04:BA:CA (Micronet Communications)
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.4.0 - 2.5.20
Uptime 0.045 days (since Sat Apr 01 14:44:15 2006)

Nmap finished: 1 IP address (1 host up) scanned in 2.375 seconds

here's the result after applying the firewall rules:

Starting Nmap 4.00 ( http://www.insecure.org/nmap ) at 2006-04-01 15:49 Westeuropäische Sommerzeit
Interesting ports on 169.254.246.62:
(The 1665 ports scanned but not shown below are in state: filtered)
PORT    STATE  SERVICE
20/tcp  closed ftp-data
21/tcp  closed ftp
22/tcp  open   ssh
25/tcp  closed smtp
53/tcp  closed domain
80/tcp  open   http
110/tcp closed pop3
MAC Address: 00:11:3B:04:BA:CA (Micronet Communications)
Device type: general purpose|broadband router|firewall
Running: Linux 2.4.X|2.5.X, D-Link embedded, WatchGuard embedded
OS details: Linux 2.4.0 - 2.5.20, Linux 2.4.18 - 2.4.20, Linux 2.4.26, Linux 2.4.27 or D-Link DSL-500T (running linux 2.4), WatchGuard Firebox X700
Uptime 0.046 days (since Sat Apr 01 14:44:16 2006)

Nmap finished: 1 IP address (1 host up) scanned in 22.188 seconds

it's not really hiding the OS like ip personality does for example, but it's at least pretty confusing, right? imo a good basic way to increase security on Linux without the need to compile a new kernel.

if anybody is interested in the rule settings let me know... :wink:
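An added example, not part of the original post: a small Python check a defender could run to diff the two scans above and confirm what the rule change did. The port tables and "Running:" lines are abridged from the nmap output in the post; the function names are this example's own.

```python
import re
# Sample input: abridged from the two nmap 4.00 scans quoted in the post above.
BEFORE = """\
(The 1666 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
3306/tcp open  mysql
6000/tcp open  X11
Running: Linux 2.4.X|2.5.X
"""
AFTER = """\
(The 1665 ports scanned but not shown below are in state: filtered)
PORT    STATE  SERVICE
20/tcp  closed ftp-data
21/tcp  closed ftp
22/tcp  open   ssh
25/tcp  closed smtp
53/tcp  closed domain
80/tcp  open   http
110/tcp closed pop3
Running: Linux 2.4.X|2.5.X, D-Link embedded, WatchGuard embedded
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)", re.M)
DEFAULT_RE = re.compile(r"not shown below are in state: (\w+)")
RUNNING_RE = re.compile(r"^Running: (.+)$", re.M)

def parse_scan(text):
    """Return (default_state, {port/proto: state}, [OS family guesses])."""
    default = DEFAULT_RE.search(text).group(1)
    ports = {f"{p}/{proto}": state for p, proto, state in PORT_RE.findall(text)}
    m = RUNNING_RE.search(text)
    families = [f.strip() for f in m.group(1).split(",")] if m else []
    return default, ports, families

def diff_scans(before, after):
    """Ports whose state differs; unlisted ports take that scan's default state."""
    (d0, p0, _), (d1, p1, _) = parse_scan(before), parse_scan(after)
    changes = {}
    for port in sorted(set(p0) | set(p1)):
        old, new = p0.get(port, d0), p1.get(port, d1)
        if old != new:
            changes[port] = (old, new)
    return changes
if __name__ == "__main__":
    print(diff_scans(BEFORE, AFTER), parse_scan(AFTER)[2])
```

Ports listed as closed in the second scan do not appear in the diff because they were already closed by default in the first one; what changed is that four previously open services are now filtered and the OS family list grew from one guess to three.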

Posted: 02 Apr 2006, 07:35
by FrankB
Aren't you afraid that your MAC address is so blatantly and obscenely exposed?
I hope you are not on a LAN over there...

--FrankB

Mr n00b for Sir l33t.

Posted: 02 Apr 2006, 07:55
by bad_brain
it's my home server, no connection to any other network... :wink:

Posted: 24 Jul 2006, 08:59
by egghead4life
if you don't know what you're doing in CUI (sounds like you don't)
use firestarter - it's noob friendly.

a REAL HACKER knows that nmap is not trustworthy. It doesn't always work.
Try to telnet to the open port.

Also ipchains is a lot more effective

Posted: 24 Jul 2006, 09:00
by egghead4life
telnet localhost 21 for ftp

firewalls are not always the best. Nmap will not always work, even though it sends an ICMP ping to itself.


TRY TELNET FROM YOUR COMPUTER. but nice info for n00bz

Posted: 24 Jul 2006, 12:50
by bad_brain
well, the point was to confuse an nmap scan.... :wink:
to telnet to a server is useless for info gathering if the server admin set fake banners and disabled HELP (or HELP is not even implemented), you should know if you're at least a little familiar with server configuration....sounds like you aren't.... 8)