My ipchains are:

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
REJECT     all  ------  169.254.0.0/16        0.0.0.0/0             n/a
REJECT     all  ------  127.0.0.0/8           0.0.0.0/0             n/a
REJECT     all  ------  172.16.0.0/12         0.0.0.0/0             n/a
REJECT     all  ------  10.0.0.0/8            0.0.0.0/0             n/a
REJECT     all  ------  192.168.0.0/16        0.0.0.0/0             n/a
REJECT     udp  ------  0.0.0.0/0             0.0.0.0/0             * -> 3130
REJECT     udp  ------  0.0.0.0/0             0.0.0.0/0             * -> 1:1024
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24        0.0.0.0/0             n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
DENY       all  ------  0.0.0.0/0             192.168.0.0/16        n/a
DENY       all  ------  192.168.0.0/16        0.0.0.0/0             n/a
-          tcp  ------  0.0.0.0/0             0.0.0.0/0             * -> 23
-          tcp  ------  0.0.0.0/0             0.0.0.0/0             * -> 21
-          tcp  ------  0.0.0.0/0             0.0.0.0/0             20 -> *
-          tcp  ------  0.0.0.0/0             0.0.0.0/0             * -> 22
-          tcp  ------  0.0.0.0/0             0.0.0.0/0             * -> 80

Yet a UDP scan of ports 1-65535 gives me:

The UDP or stealth FIN/NULL/XMAS scan took 76304 seconds to scan 65535 ports.
Interesting ports on (213.22.58.181):
Port    State       Protocol  Service
137     open        udp       netbios-ns
138     open        udp       netbios-dgm
2487    open        udp       unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 76304 seconds

I think 2487 is bind querying outside servers, or should I block that too? But why do 137 and 138 remain open? Should I change the policy to DENY?

Greetings,
Pedro.

