1. gheist 27,980
2. mr_egypt... 4,650
3. noci 3,000
4. oklit 2,750
5. arnold 2,000
5. Roachy1... 2,000
5. manav08 2,000
5. MSI_inst... 2,000
9. uetian1707 1,500
9. ryansoto 1,500
11. svs 1,000
11. jar3817 1,000
11. woolmilkp... 1,000
11. bevhost 1,000
11. flob9 1,000
16. maysara 200
17. SagiEDoc 80

1. gheist 165,068
2. it_alchem... 20,000
3. sunnycoder 7,324
4. noci 6,200
5. mr_egypt... 4,902
6. JustUNIX 4,000
7. Crossley 3,470
8. svs 3,000
9. oklit 2,750
10. DonKoyote 2,500
10. SteveSloan 2,500
12. jimbb 2,330
13. arnold 2,080
14. smokeyser 2,000
14. jasonsbytes 2,000
14. uetian1707 2,000
14. rindi 2,000
14. vico1 2,000
14. chingmd 2,000
14. anfi 2,000
14. Roachy1... 2,000
14. nixfreak 2,000
14. biscuit3 2,000
14. manav08 2,000
14. MSI_inst... 2,000

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

02/28/2008 at 05:30AM PST, ID: 23200135

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.9

NMAP shows ports that I know nothing about in the "filtered" state

Asked by psueoc in OpenBSD, Unix Operating Systems, BSD Unix

Tags: OpenBSD, Packet Filtering, 3.9

I noticed yesterday that when I run an NMAP against the external interface of my OpenBSD firewall it shows ports in the "filtered" state, that I know nothing about. In the past it would only show the ports that I purposely opened in the PF.CONF file. I don't know what changed, that's making me now see these "filtered" ports. Below is output from NMAP.

Starting Nmap 4.10 ( http://www.insecure.org/nmap ) at 2008-02-28 08:18 Eastern Standard Time
Interesting ports on email.eoc.psu.edu (128.118.20.198):
Not shown: 1661 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
554/tcp filtered rtsp
1025/tcp open NFS-or-IIS
1720/tcp filtered H.323/Q.931
2000/tcp filtered callbook
3389/tcp open ms-term-serv
5060/tcp filtered sip
49400/tcp filtered compaqdiag
50000/tcp filtered iiimsf
50002/tcp filtered iiimsf
54320/tcp filtered bo2k
61439/tcp filtered netprowler-manager
61440/tcp filtered netprowler-manager2
61441/tcp filtered netprowler-sensor
65301/tcp filtered pcanywhere

Nmap finished: 1 IP address (1 host up) scanned in 2.250 seconds

The ports in the OPEN state, are the ones that I opened on purpose. The ones in the filtered state, I know nothing about. Below is my pf.conf file

# VARIABLES
ext_if="xl1"
int_if="xl0"
tcp_services="{ 1025 }"
icmp_types="echoreq"
ssh="192.168.1.3"
web="192.168.1.3"
email="192.168.1.2"
ftp_server="192.168.1.3"

# OPTIONS
set block-policy return
set loginterface $ext_if
set skip on lo

# SCRUB
scrub in

# NAT/RDR
nat on $ext_if from !($ext_if) -> ($ext_if:0)

################# FTP ##################
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ext_if proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> \
$ftp_server port 49152:65535
################# FTP ##################

rdr on $ext_if proto tcp from any to any port 80 -> $web
rdr on $ext_if proto tcp from any to any port smtp -> $email
rdr on $ext_if proto tcp from any to any port 3389 -> $web
rdr on $ext_if proto tcp from any to any port 22 -> $ssh

# FILTER RULES
block in
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for {lo $int_if }

pass in on $ext_if proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state

pass in on $ext_if proto tcp from any to $web port 80 \
flags S/SA synproxy state

pass in on $ext_if proto tcp from any to $web port 3389 \
flags S/SA synproxy state

pass in on $ext_if proto tcp from any to $email port smtp \
flags S/SA synproxy state

pass in on $ext_if proto tcp from any to $ssh port 22 \
flags S/SA synproxy state

################# FTP #################
pass in quick on $ext_if proto tcp from any to $ftp_server \
port 21 keep state
pass in quick on $ext_if proto tcp from any to $ftp_server \
port > 49151 keep state
pass out quick on $int_if proto tcp from any to $ftp_server \
port 21 keep state
pass out quick on $int_if proto tcp from any to $ftp_server \
port > 49151 keep state
################# FTP #################

pass in inet proto icmp all icmp-type $icmp_types keep state
pass quick on $int_if

View the Solution FREE for 30 Days

20091028-EE-VQP-86 / EE_QW_2_20070628

NMAP shows ports that I know nothing about in the "filtered" state

Asked by psueoc in OpenBSD, Unix Operating Systems, BSD Unix

Tags: OpenBSD, Packet Filtering, 3.9

About this solution