[Dshield] little experiment
Henry Hertz Hobbit
hhhobbit at comcast.net
Tue Mar 1 15:50:27 GMT 2005
On Mon, 2005-02-28 at 19:59, Jonathan C. Webster wrote:
> Interesting: My NATing router/firewall is a Netgear FVS318 v1. NOTHING is supposed to be open.
> The Linux boxes in my tiny network do not listen on those ports.
> Probes to both ports 53 and 137 *DO* show up in the router log as being dropped, 137 very often.
> From your scan report:
> Note! This scanner tends to show firewalled UDP ports as open!
> Interesting ports on xxx.xxx.xxx.xxx.adsl.snet.net
> PORT STATE SERVICE VERSION
> 53/udp open domain?
> 137/udp open netbios-ns?
> Nmap run completed -- 1 IP address (1 host up) scanned in 31.035 seconds
Many of these little broadband router / switches will show this, but
when you make a request to the unit on either port, it shows up in the
logs as being blocked. I wonder why nmap thinks they are open? nmap
thinks that DLink is a Cisco PIX firewall (chuckle, chuckle). Oh yes, I
am running iptables BEHIND that firewall, so I have a double firewall.
I suspect it is the cable or DSL modem that is fooling nmap into finding
these "open" ports. To test it we need to remove the unit from the WAN
link and put a machine on the WAN side of the unit and nmap it from that
machine attached to the WAN port. You would either have to set the IP
address on the unit or make the machine on the WAN port be a DHCP
Key Name: "Henry Hertz Hobbit"
Key fingerprint = 924E BE61 1ACF B87A DCA9 009E E74C 183D 0164 F7D5
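The reason the scan note warns that firewalled UDP ports show up as open: a UDP scanner only sees three things, and two of them look identical. As an added example (not from the thread), the Python below builds the three cases on loopback with constructed listeners and classifies each probe the way a scanner must; it assumes a Linux host, where an ICMP port unreachable surfaces as ECONNREFUSED on a connected UDP socket.

```python
import socket
import threading

PROBE_TIMEOUT = 0.5  # seconds to wait for any answer to the probe datagram


def probe_udp(host, port, timeout=PROBE_TIMEOUT):
    """Send one empty UDP datagram and classify the port from what comes back.

    A UDP reply proves "open"; an ICMP port-unreachable (ECONNREFUSED here)
    proves "closed".  Silence is ambiguous: a service that ignores an empty
    datagram looks exactly like a firewall dropping the probe ("open|filtered").
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket so ICMP errors are reported
        s.send(b"\x00")
        try:
            s.recv(512)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def start_listener(reply):
    """Bind a loopback UDP socket; optionally answer the first datagram it gets."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port

    def serve_once():
        data, peer = srv.recvfrom(512)
        srv.sendto(b"ack", peer)

    if reply:
        threading.Thread(target=serve_once, daemon=True).start()
    return srv


def unused_port():
    """Pick a loopback UDP port nothing is bound to (constructed 'closed' case)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def demo():
    """Probe three constructed targets; a silent drop rule would match case two."""
    answering, silent = start_listener(reply=True), start_listener(reply=False)
    results = {
        "answering service": probe_udp("127.0.0.1", answering.getsockname()[1]),
        "silent service": probe_udp("127.0.0.1", silent.getsockname()[1]),
        "nothing listening": probe_udp("127.0.0.1", unused_port()),
    }
    silent.close()
    return results
```

The "silent service" result is the one the scan report is warning about: from the WAN side a dropped probe produces the same silence, which is why a WAN-side test as Henry describes is needed to tell the two apart.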