[ previous ] [ next ] [ threads ]
 
 From:  Alex Sandini <asandini at blue dash chip dot be>
 To:  Chet Harvey <chet at pittech dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] tcp open ports on wan interface in 1.1
 Date:  Fri, 03 Sep 2004 18:48:46 +0200
Chet Harvey wrote:
> Looking at the NMap output a few questions come to mind, A) does m0n0 plug 
> directly into the internet connection or B) do you have a "modem" device 
> between m0n0 and the outside?
Correct, the m0n0 is connected to a Terayon terapro cable modem, good point.

> 
> I ask because the footprint is ID'd as "Panasonic IP Technology Broadband 
> Networking Gateway, KX-HGW200".
AFAIK, the cable modem work's as bridge; when a plug a linux, openbsd or 
freebsd box to it, nmap reconize them as correctly.
Anyway, nmap OS guess is not to be trusted when ICMP is blocked and no 
rules are set to reject at least one port and accept at least one port 
on the firewall. I'll try to open m0n0's http port on WAN in a test 
environment.

> 
> When I run nessus or nmap against mine straight to the WAN interface (no router 
> or modem in between) using version 1.1b15 it can not ID the OS but guesses it 
> is Unix.
> 
> It could be your broadband router or modem that is actually responding.
Absolutely correct, thx for pointing it out.
> 
> Just a thought.
> 
> 1 suggestion, move SSH off of port 22 and change the response field to not ID 
> as SSH. I love watching people run RDP hacks on port 3389 which isn't RDP. I am 
> freak like that =)
No way on this box, users are accessing it and I don't want them to 
bother me because they can't connect...

Alex
> 
> 
> Chet Harvey
> Pitbull Technologies <http://www.pittech.com/> 
> Protecting your Digital Assets
> 703.407.7311
> 
> 
> Quoting Alex Sandini <asandini at blue dash chip dot be>:
> 
> 
>>/usr/local/bin/nmap -O -A -T4 example.com
>>Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-09-03 13:03 
>>CEST
>>Warning:  OS detection will be MUCH less reliable because we did not 
>>find at least 1 open and 1 closed TCP port
>>Interesting ports on example.com (xxx.xxx.xxx.xxx):
>>(The 1656 ports scanned but not shown below are in state: filtered)
>>PORT     STATE SERVICE       VERSION
>>22/tcp   open  ssh           OpenSSH 3.9p1 (protocol 1.99)
>>389/tcp  open  ldap?
>>1002/tcp open  windows-icfw?
>>1720/tcp open  microsoft-rdp Microsoft Terminal Service (Used with 
>>Netmeeting, Remote Desktop, Remote Assistance)
>>Device type: general purpose|media device|broadband router
>>Running: Linux 2.4.X, Pace embedded, Panasonic embedded
>>OS details: Linux 2.4.6 - 2.4.21, Pace digital cable TV receiver, 
>>Panasonic IP Technology Broadband Networking Gateway, KX-HGW200
>>
>>Nmap run completed -- 1 IP address (1 host up) scanned in 207.037 seconds
>>
>>nmap is ran from my office, the m0n0wall is at home.
>>
>>The only forwarded port is the 22.
>>I can indeed connect to to ports 389, 1002 and 1720 from the WAN interface.
>>
>>The telnet connections on are not shown when typing netstat -an in exec.php.
>>
>>Any can confirm/explain this?
>>
>>Cheers,
>>Alex
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>