Yes, I understand that. I am using DROP. Why does it show filtered? A DROP policy on ipchains/ipfwadm, from what I've been told, drops the packet and does not reply back, and therefore should NOT show a filtered port.
Negrea Mihai wrote:
> For this matter iptables has the REJECT target.
> DROP does not send an answer back to the attacker, not wasting more bandwidth
> with the reply..
> With REJECT you can specify with what kind of icmp type to reject the packet..
>
> On Thursday 28 February 2002 02:06 pm, you wrote:
> > ##################################
> > # POINTS
> > ##################################
> > Point 1] With IP Filter I have the equivalent of 'DROP' and it shows
> > nothing with an nmap scan.
> > Point 2] With IP Tables I have DROP and it shows filtered ports with an
> > nmap scan.
> >
> > ##################################
> > # NMAP SCAN TYPE USED
> > ##################################
> > nmap -sS -P0 -p port,numbers IP
> >
> > ##################################
> > # QUESTIONS
> > ##################################
> > Question 1] I am wondering why IPTables does not do the same?
> > Question 2] Is this a bug?
> > Question 3] How do I make it so it does not show the filtered ports?
> >
> > ##################################
> > # PROOF
> > ##################################
> >
> > ##################################
> > # NETFILTER
> > ##################################
> > I am using the following command.
> > iptables -P INPUT DROP # This should NOT show filtered ports.
> >
> > ##################################
> > # RESULT
> > ##################################
> > NETFILTER SHOWS FILTERED PORTS:
> > bash# nmap -sS -P0 -p 21,22,25,80,113,119,139,3128 an.iptables-version-1.2.4.box.com
> >
> > Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> > Interesting ports on an.iptables-version-1.2.4.box.com (x.x.x.x):
> > Port       State       Service
> > 21/tcp     filtered    ftp
> > 22/tcp     filtered    ssh
> > 25/tcp     open        smtp
> > 80/tcp     filtered    http
> > 113/tcp    open        auth
> > 119/tcp    filtered    nntp
> > 139/tcp    filtered    netbios-ssn
> > 3128/tcp   filtered    squid-http
> >
> > ###################################
> > # IPFILTER
> > ###################################
> >
> > ###################################
> > # RESULT
> > ###################################
> > IPFILTER DOES NOT SHOW FILTERED PORTS:
> > bash# nmap -sS -P0 -p 7,9,13,19,21,22,23,25,37,79,111,113,139,143,512,513,51,540,665,6000,6112,7100,32771,32772,32773,32774,32775,32776 an.ip.filter.box.com
> >
> > Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> > Interesting ports on on.an.ipfilter.box.com) (x.x.x.x):
> > (The 27 ports scanned but not shown below are in state: filtered)
> > Port       State       Service
> > 25/tcp     open        smtp
> > 113/tcp    open        auth
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 7 seconds
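The port states in the two scans above follow directly from how each SYN probe was answered, and nmap 2.x folds the dominant state into a single "not shown" line rather than listing it per port. The following added example (not from this thread, and only a constructed model of the firewalls rather than their real code) simulates both behaviours over the port lists quoted above; the `hide_threshold` cutoff is an assumption, nmap's real rule is internal.

```python
# Added example (not from the thread): how a SYN scanner turns the reply to
# each probe into nmap's port states, and how nmap folds the dominant state
# into one "not shown" line. Firewall behaviour below is a constructed model.
from collections import Counter

def classify_syn_probe(reply):
    """Map the reply to a SYN probe onto nmap's port-state vocabulary.

    reply is None when nothing came back, or a dict:
      {'proto': 'tcp', 'flags': 'SA'}          SYN/ACK, a service accepted
      {'proto': 'tcp', 'flags': 'RA'}          RST, nothing listening
      {'proto': 'icmp', 'type': 3, 'code': n}  destination unreachable
    """
    if reply is None:
        return "filtered"    # silent DROP / 'block in': no answer at all
    if reply["proto"] == "tcp":
        if "S" in reply["flags"] and "A" in reply["flags"]:
            return "open"
        if "R" in reply["flags"]:
            return "closed"  # what a REJECT with a TCP reset looks like
    return "filtered"        # ICMP unreachable (e.g. admin-prohibited)

def policy_reply(policy, listening):
    """Reply a host emits to a SYN under a given default policy (model)."""
    if listening:
        return {"proto": "tcp", "flags": "SA"}
    if policy == "drop":          # iptables -P INPUT DROP, IP Filter block in
        return None
    if policy == "reject-rst":    # REJECT answered with a TCP reset
        return {"proto": "tcp", "flags": "RA"}
    if policy == "reject-icmp":   # REJECT answered with an ICMP unreachable
        return {"proto": "icmp", "type": 3, "code": 13}
    raise ValueError(policy)

def scan(policy, ports, listening):
    """State nmap would print for each port against the modelled host."""
    return {p: classify_syn_probe(policy_reply(policy, p in listening))
            for p in ports}

def summarize(states, hide_threshold=10):
    """Fold the dominant state into a summary once it covers more than
    hide_threshold ports (assumed cutoff; nmap's real rule is internal).
    Returns ((count, state) or None, ports still listed individually)."""
    state, n = Counter(states.values()).most_common(1)[0]
    if n <= hide_threshold:
        return None, dict(states)
    return (n, state), {p: s for p, s in states.items() if s != state}

# Port lists from the two scans in the thread; 25 and 113 are the open ones.
IPTABLES_PORTS = [21, 22, 25, 80, 113, 119, 139, 3128]
IPFILTER_PORTS = [7, 9, 13, 19, 21, 22, 23, 25, 37, 79, 111, 113, 139, 143,
                  512, 513, 51, 540, 665, 6000, 6112, 7100, 32771, 32772,
                  32773, 32774, 32775, 32776]
```

Running `scan("drop", ...)` over both lists gives "filtered" for every non-listening port on both firewalls; the short list is printed port by port, while the long one collapses into a "not shown ... filtered" line, and only a reset-based REJECT turns those ports into "closed".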
