 From:  Rolf Kutz <kutz at netcologne dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Mystical open port 80...can't block
 Date:  Thu, 24 May 2007 13:15:07 +0200
* Quoting David Burgess (apt dot get at gmail dot com):

> On 5/23/07, Rolf Kutz <kutz at netcologne dot de> wrote:
> >
> >* Quoting Hart, Benjamin (bhart at unifiedbrands dot net):
> >
> >> I ran nmap from a machine here at work yesterday and noticed that I
> >> still had pptp enabled and the port was open...also noticed that port 80
> >> was open as well but not accepting connections.  Last night I created a
> >> rule explicitly blocking port 80 and disabled the pptp setup.  However
> >> today I just did another nmap scan and found that those two ports are
> >> still open...what gives?
> >
> >It might be a transparent proxy somewhere on the
> >way. You can check that with tcptraceroute and
> >different target ports.
> 
> Couldn't a connection originating on the LAN open port 80 and keep it
> open? Like a trojan or something? If you have a rule to explicitly block
> that port but there is already a session open there, then wouldn't resetting
> the firewall state table kill the session and block the port definitively?

A portscan only shows open ports if something is
listening, not if the firewall allows forwarding
for that port.

- Rolf
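The point Rolf makes, demonstrated with an added example that is not part of the thread or of m0n0wall: a TCP port reads as "open" to a scanner whenever a socket is listening on it, because the kernel completes the handshake on its own even if the program never calls accept(); a port with no listener answers with a RST and reads "closed"; a port whose SYN is silently dropped by a firewall produces no answer at all and reads "filtered" (nmap's term), never "closed". The listener, the port numbers and the loopback address below are all constructed for the demonstration.

```python
import socket
from contextlib import contextmanager


def classify_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify a TCP port the way a connect scan does.

    open     -> handshake completed (something is listening)
    closed   -> RST received (nothing listening, packet was not dropped)
    filtered -> no answer within the timeout (a firewall dropped the SYN)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as e:  # e.g. network unreachable: neither open nor filtered
        return f"error: {e.strerror}"
    finally:
        s.close()


def free_port() -> int:
    """Ask the kernel for a currently unused loopback port (constructed test setup)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


@contextmanager
def silent_listener(port: int):
    """A socket that listen()s but never accept()s, mimicking a service that
    is 'open but not accepting connections' at the application level."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    try:
        yield srv
    finally:
        srv.close()


def demo() -> tuple:
    """Scan the same loopback port before, during and after a listener exists."""
    port = free_port()
    before = classify_port("127.0.0.1", port)   # no listener -> RST -> closed
    with silent_listener(port):
        during = classify_port("127.0.0.1", port)  # kernel answers SYN/ACK -> open
    after = classify_port("127.0.0.1", port)    # listener gone -> closed again
    return before, during, after


if __name__ == "__main__":
    print(demo())
```

Run against the loopback address this yields ('closed', 'open', 'closed'): the middle result is "open" even though nothing ever accepted the connection, which is exactly the symptom in the original question. A deny rule on the firewall turns the answer into "filtered" (a timeout), not "closed", so a scan that still reports "open" after the rule was added means the SYN is being answered by a listener somewhere on the path, such as the transparent proxy mentioned earlier in the thread.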