Hi,
I've just started trying to take security a bit more seriously, but what surprises me is that nmap reports port 1001 as open on both of my VPSes, especially given the iptables rules.
This is the iptables -L output:
Chain INPUT (policy ACCEPT)
target        prot opt source          destination
fail2ban-ssh  tcp  --  anywhere        anywhere      multiport dports ssh
ACCEPT        tcp  --  anywhere        anywhere      tcp dpt:ssh
ACCEPT        tcp  --  anywhere        anywhere      tcp dpt:http
ACCEPT        tcp  --  anywhere        anywhere      tcp dpt:https
ACCEPT        tcp  --  anywhere        anywhere      tcp dpt:smtp
DROP          all  --  anywhere        anywhere

Chain FORWARD (policy ACCEPT)
target        prot opt source          destination

Chain OUTPUT (policy ACCEPT)
target        prot opt source          destination

Chain fail2ban-ssh (1 references)
target        prot opt source          destination
DROP          all  --  61.174.51.208   anywhere
RETURN        all  --  anywhere        anywhere
And this is what nmap reports from my local PC:
Starting Nmap 6.00 ( http://nmap.org ) at 2014-02-15 20:00 CET
Nmap scan report for sifro.co (185.8.164.47)
Host is up (0.058s latency).
Not shown: 995 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
1001/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 23.22 seconds
Can anyone tell me WTF is going on, or what I'm doing wrong?
Thanks
On 15.2.2014 20:01, Timotej Šiškovič wrote:
> Hi,
> I've just started trying to take security a bit more seriously, but what surprises me is that nmap reports port 1001 as open on both of my VPSes, especially given the iptables rules.
Community-list mailing list Community-list@lists.vpsfree.cz http://lists.vpsfree.cz/listinfo/community-list
First of all, check which process is listening on that port:
# netstat -tulpn
Well, I don't see it in the netstat output :(
On Sat, Feb 15, 2014 at 8:18 PM, Petr Krcmar petr.krcmar@vpsfree.cz wrote:
> First of all, check which process is listening on that port:
> # netstat -tulpn
> --
> Petr Krčmář
> vpsFree.cz
On 15.2.2014 20:20, Timotej Šiškovič wrote:
> Well, I don't see it in the netstat output :(
For me it reports "filtered" on that port, so iptables is blocking it and I have no idea whether anything is there. So it's probably fine.
If I block something in iptables (using "-j DROP"), nmap reports the port as filtered regardless of whether anything is actually running on that blocked port. DROP = the packet vanishes into a black hole and nothing is sent back. Traffic can also be blocked with REJECT (which is also the kernel's default behaviour on unoccupied ports, unless something else is configured, e.g. via iptables); that sends back a packet with RST, which then immediately triggers "connection refused" on the other side.
Nmap distinguishes these two states; filtered means there is some rule on that port that discards incoming packets without a reply, instead of the standard RST packet that signals "there is nothing on this port".
Martin Petricek
community-list@lists.vpsfree.cz
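
The three port states discussed in this thread, as an added example that is not part of any message above: a TCP connect probe in Python that maps a completed handshake to open, an RST to closed, and silence to filtered. The function names and the loopback demo are constructed for illustration; the filtered branch needs a DROP rule in the path and is not exercised by the offline demo.

```python
import errno
import socket


def classify_port(host, port, timeout=2.0):
    """TCP connect probe: return 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: something accepted the connection
    except ConnectionRefusedError:
        return "closed"      # RST came back: reachable, but nothing listens there
    except socket.timeout:
        return "filtered"    # no reply at all: what a DROP rule looks like from outside
    except OSError as e:
        # No TCP answer, only an unreachable error from the network path;
        # counted as filtered in this sketch (assumption of the example).
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def demo_on_loopback():
    """Constructed offline demo: one listening and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                          # nothing listens here now, so a SYN gets an RST

    try:
        return (classify_port("127.0.0.1", open_port),
                classify_port("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo_on_loopback())
```

Running the same probe from two different networks against a port that should be blocked shows whether an "open" result comes from the server itself or from something between the scanner and the server.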