Re: [m0n0wall] Mystical open port 80...can't block

From:	"David Burgess" <apt dot get at gmail dot com>
To:	"Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Mystical open port 80...can't block
Date:	Wed, 23 May 2007 10:58:12 -0600

On 5/23/07, Rolf Kutz <kutz at netcologne dot de> wrote:
>
> * Quoting Hart, Benjamin (bhart at unifiedbrands dot net):
>
> > I ran nmap from a machine here at work yesterday and noticed that I
> > still had pptp enabled and the port was open..also notice that port 80
> > was open as well but not accepting connections.  Last night I created a
> > rule explicitly blocking port 80 and disabled the pptp setup.  However
> > today I just did another nmap scan and found that those two ports are
> > still open...what gives?
>
> It might be a transparent proxy somewhere on the
> way. You can check that with tcptraceroute and
> different target ports.
>
> regards, Rolf

Couldn't a connection from originating on the LAN open port 80 and keep it
open? Like a trojan or something? If you have a rule to explicitly block
that port but there is already a session open there, then wouldn't resetting
the firewall state table kill the session and block the port definitively?

db