44124 – guarddog not closing ftp, telnet and http ports (incoming connections)

Bug 44124 - guarddog not closing ftp, telnet and http ports (incoming connections)

Summary: guarddog not closing ftp, telnet and http ports (incoming connections)

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	Gentoo Netmon project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-03-09 05:20 UTC by Diego Chantrain
Modified:	2004-03-29 01:26 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
iptables-save output (iptablessaveoutput.txt,9.13 KB, text/plain) 2004-03-13 03:30 UTC, Diego Chantrain	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Diego Chantrain 2004-03-09 05:20:14 UTC

I have tried this under kernel 2.6.4-rc1-mm2 with guarddog ebuilds 2.2.0 and 2.3.1, same result everytime: the ftp, http and telnet ports are never closed to the outside world, no matter what I do in guarddog (filtering or outright blocking), though it does work properly for the other ports. An nmap from another machine (or checking on www.grc.com) shows that these ports are still open.

I am connecting to the Internet via a lan (dhcp on eth0, activated in guarddog as well).

Reproducible: Always
Steps to Reproduce:
1. Open guarddog as root
2. Block or filter ftp, http and telnet protocols served by "Local" zone to "Internet" zone
3. Press apply
4. Check on http://grc.com/x/ne.dll?rh1dkyd2

Actual Results:  
ftp, telnet and http ports remain open 

Expected Results:  
ftp, telnet and http should be either closed or silently dropping packets 

kernel 2.6.4-rc1-mm2 on an i686 
dhcp lan connection on eth0

Comment 1 Michael Boman (RETIRED) gentoo-dev

2004-03-12 22:31:39 UTC

I don't trust grc.com for anything. Can you attach the result of "iptables-save" after you have applied the ruleset that is suppsed to filter ftp, http and telnet?

Comment 2 Diego Chantrain 2004-03-13 03:30:33 UTC

Created attachment 27279 [details]
iptables-save output

Comment 3 Michael Boman (RETIRED) gentoo-dev

2004-03-13 05:32:43 UTC

According to your iptables-save output you do infact block http, ftp and telnet. I see that you are using some reserved IP addresses, which makes me belive that you have some sort of NAT device infront of your Gentoo machine.

Check with that one to see if it redirects the ports to a different PC. Also, some firewalls implements a "everything open" response to portscans, and some ISP's does this as well (my ISP, for an example, blocks HTTP and various backdoor ports.. but a portscan can sometimes show them as "open" (actually filtered, nmap speak)).

If you don't mind, find me on IRC, irc.freenode.net (nickname: mboman), and I can do a nmap of your machine and confirm which of the possibilities it is.

Guarddog does infact, as stated above, create the relevant block rules so something else is not configured propperly.

Comment 4 Michael Boman (RETIRED) gentoo-dev

2004-03-21 07:50:05 UTC

If no further feedback is recived, I am inclined to mark this bug as invalid, based on the output from iptables-save.

Comment 5 Michael Boman (RETIRED) gentoo-dev

2004-03-29 01:26:16 UTC

Resolving this bug as invalid as iptables-save output shows that the correct rules are created, so the GRC.com scan output should be caused by ISP.

No further feedback was recivied to prove otherwise either.