On Fri, Oct 13, 2000 at 01:37:01PM -0400, Noah L. Meyerhans wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey all. I'm seeing odd results when I portscan my server from a remote > host. nmap is indicating that port 98 (the dreaded linuxconf port) is > in a filtered state. I have never ever ever installed linuxconf. I > know my ipchains rules have nothing to do with this, as I just flushed > all the rules, tried the portscan again, and saw the same results. > > fuser does not show any process listening on port 98. I built a new > fuser executable from trusted source (the Debian potato sources, freshly > downloaded) and still saw nothing on that port.
Have you tried looking with lsof? lsof -i tcp:98 or lsof -i udp:98 should work. > telnetting to that port from a remote host hangs while trying to > establish the connection. telnetting from the localhost gives a > connection refused message. Of course, filtered isn't necessarily a bad thing. From the nmap man page: Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open. Are you running IPchains that is specifically blocking port 98? That would make sense for an IPchains firewall to block port 98 out of the box since you wouldn't want linuxconf access to the Internet at large. Getting a connection refused is okay too from localhost: [EMAIL PROTECTED] storm]$ telnet localhost 98 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused I do not have linuxconf installed on this box. Probably just your ipchains keeping nmap from checking a closed port. -- --Brad ============================================================================ Bradley M. Alexander, CISSP | Co-Chairman, Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG Winstar Telecom | [EMAIL PROTECTED] (703) 889-1049 | [EMAIL PROTECTED] ============================================================================ Professional soldiers are predictable, but the world is full of amateurs. --Murphy's Laws of Combat
pgpNEvk6GxqDk.pgp
Description: PGP signature