IPF pass in connection to port 21 even with no explicit rule
Old 05-27-2010

I'm running IPF on Solaris 10.
Code:
bash-3.00# ipf -V #display ipf version
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107

with the following rules:
Code:
bash-3.00# ipfstat  -o -i
block out all
pass out quick on eri0 proto tcp/udp from eri0/32 to any port = domain with keep state
pass out quick on eri0 proto tcp from eri0/32 to any port = 8080 keep state
pass out quick on eri0 proto tcp from eri0/32 to any port = 80 keep state
pass out quick on eri0 proto tcp from 192.168.244.0/24 to any port = 3306 keep state
pass out quick on eri0 proto udp from eri0/32 to any port = 623 keep state #for outbound ipmi
block in all
pass in quick on eri0 proto tcp from any to eri0/32 port = 80 keep state
pass in quick on eri0 proto tcp from any to eri0/32 port = 8080 keep state
pass in quick on eri0 proto tcp/udp from any to eri0/32 port = domain with keep state
bash-3.00#

But I'm still having a problem: an nmap scan shows that the FTP port is open even though there's no FTP service enabled.
Code:
bash-3.00# svcs -a| grep ftp
disabled       May_24   svc:/network/ftp:default

When I try to telnet to port 21 it accepts the connection.
So what's wrong?
Any ideas would be a great help.

---------- Post updated at 02:56 PM ---------- Previous update was at 01:38 AM ----------

When I ran netstat to list listening ports:

Code:
-bash-3.00$ netstat -an -f inet -P tcp | egrep -i list
127.0.0.1.4999             *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.4045               *.*                0      0 49152      0 LISTEN
      *.4045               *.*                0      0 49152      0 LISTEN
      *.80                 *.*                0      0 49152      0 LISTEN
      *.32774              *.*                0      0 49152      0 LISTEN
      *.32775              *.*                0      0 49152      0 LISTEN
      *.514                *.*                0      0 49152      0 LISTEN
      *.7100               *.*                0      0 49152      0 LISTEN
      *.32776              *.*                0      0 49152      0 LISTEN
      *.32777              *.*                0      0 49152      0 LISTEN
      *.8080               *.*                0      0 49152      0 LISTEN
      *.3306               *.*                0      0 49152      0 LISTEN
      *.32779              *.*                0      0 49152      0 LISTEN
127.0.0.1.53               *.*                0      0 49152      0 LISTEN
xxx.xxx.xxx.xxx.53         *.*                0      0 49152      0 LISTEN
192.168.244.241.53         *.*                0      0 49152      0 LISTEN
127.0.0.1.953              *.*                0      0 49152      0 LISTEN
      *.32780              *.*                0      0 49152      0 LISTEN
      *.32781              *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN

Any ideas would be a great help.
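An added example (not from the original post) of the cross-check a defender would run on the two listings above: parse the `ipfstat -o -i` inbound `pass in` rules and the Solaris `netstat` LISTEN rows, then compare both against the ports a scan reported open. The sample rules, netstat rows and the scan result `[21, 80, 8080]` are constructed from this thread; `SERVICE_PORTS` is an assumed stand-in for `/etc/services`.

```python
import re
# Constructed from the ipfstat and netstat listings quoted in the thread.
IPF_RULES = """\
block out all
pass out quick on eri0 proto tcp/udp from eri0/32 to any port = domain with keep state
block in all
pass in quick on eri0 proto tcp from any to eri0/32 port = 80 keep state
pass in quick on eri0 proto tcp from any to eri0/32 port = 8080 keep state
pass in quick on eri0 proto tcp/udp from any to eri0/32 port = domain with keep state
"""
NETSTAT_LISTEN = """\
127.0.0.1.4999             *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.80                 *.*                0      0 49152      0 LISTEN
      *.8080               *.*                0      0 49152      0 LISTEN
      *.3306               *.*                0      0 49152      0 LISTEN
192.168.244.241.53         *.*                0      0 49152      0 LISTEN
"""
SERVICE_PORTS = {"domain": 53, "ftp": 21, "http": 80}  # assumed stand-in for /etc/services
RULE_RE = re.compile(r"^pass in\b.*?\bproto (\S+)\b.*\bport = (\S+)")

def inbound_allowed_ports(rules):
    """Map port -> protocols for every 'pass in ... port = X' rule; names resolved via SERVICE_PORTS."""
    allowed = {}
    for line in rules.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            protos, port = m.group(1).split("/"), m.group(2)
            port = int(port) if port.isdigit() else SERVICE_PORTS[port]
            allowed.setdefault(port, set()).update(protos)
    return allowed

def listening_ports(netstat):
    """Ports from Solaris 'netstat -an -f inet -P tcp' LISTEN rows ('addr.port' or '*.port' local column)."""
    ports = set()
    for line in netstat.splitlines():
        f = line.split()
        # loopback-only listeners are skipped: ipf on eri0 never sees them
        if len(f) >= 7 and f[-1] == "LISTEN" and not f[0].startswith("127."):
            ports.add(int(f[0].rsplit(".", 1)[1]))
    return ports

def audit(rules, netstat, scanned_open):
    """Listeners no rule passes, rules with nothing listening, and scanned-open ports neither explains."""
    allowed, listening = set(inbound_allowed_ports(rules)), listening_ports(netstat)
    return {
        "listening_not_allowed": sorted(listening - allowed),   # reachable only if the filter is bypassed
        "allowed_not_listening": sorted(allowed - listening),   # open hole with nothing behind it
        "open_but_unexplained": sorted(set(scanned_open) - allowed - listening),  # something else answers
    }
```

For the thread's data the last list comes out as `[21]`: neither a rule nor a local listener accounts for it, which is the discrepancy to chase next.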