evernine
2004-05-15 12:39:29 UTC
Hi all,
I have configured my OpenBSD box with PF to avoid nmap activity....
Thanks to Google, I found these rules to block nmap.....
#no nmap
block in log quick on $ext inet proto tcp from any to any flags PUF/PUF
block in log quick on $ext inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext inet proto tcp from any to any flags /SFRA
Is this ok?
Then I tried to nmap my box from an outside machine.... this was the
result.....
(I have no services open to the internet)
Interesting ports on x.x.x.x:
(The 1653 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
49400/tcp closed compaqdiag
54320/tcp closed bo2k
61439/tcp closed netprowler-manager
61440/tcp closed netprowler-manager2
61441/tcp closed netprowler-sensor
65301/tcp closed pcanywhere
Too many fingerprints match this host to give specific OS details
The strange things are these closed ports.... What are these ports??? I
don't have any kind of services, only an ftp-proxy for the LAN clients....
Thx,
evernine.
PS: I found this rule against smurf attacks...
#no smurf
#block in quick on $ext inet from any to $ext:broadcast
but I receive a syntax error.... Where is the mistake?
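
Added example, not part of the original post: a small Python evaluator for pf's "flags a/b" matching, run over the four flag specs quoted above to show which TCP flag combinations those rules block. The sample segments and all function names are constructed for illustration.

```python
# Added example: which TCP flag combinations the four rules from the post match.
# pf "flags a/b" semantics: of the flags listed in b, exactly those in a are set.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

# Flag specs copied from the post, in rule order (all rules use "quick").
RULES = ["PUF/PUF", "FUP/FUP", "SF/SFRA", "/SFRA"]

# Constructed sample segments: label -> flag letters set in the TCP header.
SAMPLES = {
    "no flags": "",
    "FIN only": "F",
    "FIN+PSH+URG": "FPU",
    "SYN+FIN": "SF",
    "SYN only": "S",
    "ACK only": "A",
}

def to_bits(letters):
    """Turn pf flag letters such as 'SFRA' into a TCP flags bitmask."""
    bits = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= TCP_FLAGS[ch]
    return bits

def parse_spec(spec):
    """Split 'a/b' into (set_bits, mask_bits); 'a' may be empty, as in '/SFRA'."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"expected a/b or /b, got {spec!r}")
    return to_bits(want), to_bits(mask)

def matches(spec, flags):
    want, mask = parse_spec(spec)
    return (flags & mask) == want

def first_match(flags):
    """Return the first rule spec that blocks this segment, or None."""
    return next((s for s in RULES if matches(s, flags)), None)

def coverage():
    return {name: first_match(to_bits(l)) for name, l in SAMPLES.items()}

if __name__ == "__main__":
    for name, rule in coverage().items():
        print(f"{name:12} -> {rule or 'not matched by these four rules'}")
```

PUF/PUF and FUP/FUP parse to the same bitmask, so the second rule never fires. Segments these four specs do not match are decided by the rest of the ruleset.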