Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: Help with iptables

  1. #11
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Help with iptables

    On 2015-05-17 00:26, Spork Schivago wrote:

    > Starting Nmap 6.00 ( http://nmap.org ) at 2015-05-17 01:13 EEST
    > NSE: Loaded 17 scripts for scanning.
    > Initiating Ping Scan at 01:13
    > Scanning xx.xx.xx.xx [4 ports]
    > Completed Ping Scan at 01:13, 1.33s elapsed (1 total hosts)
    >
    > *Nmap scan report for xx.xx.xx.xx [host down]
    > Note: Host seems down. If it is really up, but blocking our ping probes,
    > try -Pn
    >
    > Nmap done: 1 IP address (0 hosts up) scanned in 1.85 seconds
    > Raw packets sent: 8 (304B) | Rcvd: 3 (156B)


    That nmap scan is useless, the way it was made.

    What it is doing is sending a ping, and if it is not answered, the scan
    stops there because it /assumes/ the host is down.

    You have to use other options to tell it to ignore pings and go ahead
    with the rest of the scan.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  2. #12

    Default Re: Help with iptables

    Quote Originally Posted by robin_listas View Post
    On 2015-05-17 00:26, Spork Schivago wrote:

    > Starting Nmap 6.00 ( http://nmap.org ) at 2015-05-17 01:13 EEST
    > NSE: Loaded 17 scripts for scanning.
    > Initiating Ping Scan at 01:13
    > Scanning xx.xx.xx.xx [4 ports]
    > Completed Ping Scan at 01:13, 1.33s elapsed (1 total hosts)
    >
    > *Nmap scan report for xx.xx.xx.xx [host down]
    > Note: Host seems down. If it is really up, but blocking our ping probes,
    > try -Pn
    >
    > Nmap done: 1 IP address (0 hosts up) scanned in 1.85 seconds
    > Raw packets sent: 8 (304B) | Rcvd: 3 (156B)


    That nmap scan is useless, the way it was made.

    What it is doing is sending a ping, and if it is not answered, the scan
    stops there because it /assumes/ the host is down.

    You have to use other options to tell it to ignore pings and go ahead
    with the rest of the scan.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
    I removed the ping option and tried again. It showed the ports as filtered. It showed my host as being up. Is there a way to stealth my machine using iptables? If there is, I wonder why that isn't the default option. I have yet to read that article on iptables. Perhaps when I finish my work and I get to reading it, it'll show me how to stealth my ports. Thanks.

  3. #13
    Join Date
    Nov 2008
    Location
    N. Wales
    Posts
    1,028

    Default Re: Help with iptables

    Spork Schivago donned his tin foil hat and penned:

    > I removed the ping option and tried again. It showed the ports as
    > filtered. It showed my host as being up. Is there a way to stealth my
    > machine using iptables? If there is, I wonder why that isn't the
    > default option. I have yet to read that article on iptables. Perhaps
    > when I finish my work and I get to reading it, it'll show me how to
    > stealth my ports. Thanks.
    >
    >


    There could be one problem with that.

    I.E. you stealth your machine so much that it cannot be seen and hence
    unreachable from outside unless by IP not address, that can easily be done
    but then "You" will have to be there to allow each and everything access
    while the machine is on the interlubes.

    Now if this is an internal LAN then just set the firewall as such: not to
    accept anything from external.

    If this is a home workstation or game PC then do not stealth too much
    because you will lock out of all those nice things that Steam etc. offer.

    Trust me I know, I am at the moment staying at a company address where I
    have sort of set up a corporate fire wall in conjunction with provider, I am
    lucky to be able to get on this site, everything is blocked so no Minecraft
    or anything for me :-( well not while I am connected here :-)

    HTH

    --
    Mark
    Nullus in verba
    Caveat emptor
    Nil illigitimi carborundum

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •