Post 302424940 by h@foorsa.biz on Thursday 27th of May 2010 05:56:01 AM
IPF pass in connection to port 21 even with no explicit rule

I'm running IPF on Solaris 10:
Code:
bash-3.00# ipf -V #display ipf version
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107

with the following rules
Code:
bash-3.00# ipfstat  -o -i
block out all
pass out quick on eri0 proto tcp/udp from eri0/32 to any port = domain with keep state
pass out quick on eri0 proto tcp from eri0/32 to any port = 8080 keep state
pass out quick on eri0 proto tcp from eri0/32 to any port = 80 keep state
pass out quick on eri0 proto tcp from 192.168.244.0/24 to any port = 3306 keep state
pass out quick on eri0 proto udp from eri0/32 to any port = 623 keep state #for outbound ipmi
block in all
pass in quick on eri0 proto tcp from any to eri0/32 port = 80 keep state
pass in quick on eri0 proto tcp from any to eri0/32 port = 8080 keep state
pass in quick on eri0 proto tcp/udp from any to eri0/32 port = domain with keep state
bash-3.00#

But I'm still having a problem: an nmap scan shows that the FTP port is open even though there's no FTP service enabled.
Code:
bash-3.00# svcs -a| grep ftp
disabled       May_24   svc:/network/ftp:default

When I try to telnet to port 21, it accepts the connection.
So what's wrong?
Any ideas would be a great assist.

---------- Post updated at 02:56 PM ---------- Previous update was at 01:38 AM ----------

When I ran netstat to list listening ports:

Code:
-bash-3.00$ netstat -an -f inet -P tcp | egrep -i list
127.0.0.1.4999             *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.4045               *.*                0      0 49152      0 LISTEN
      *.4045               *.*                0      0 49152      0 LISTEN
      *.80                 *.*                0      0 49152      0 LISTEN
      *.32774              *.*                0      0 49152      0 LISTEN
      *.32775              *.*                0      0 49152      0 LISTEN
      *.514                *.*                0      0 49152      0 LISTEN
      *.7100               *.*                0      0 49152      0 LISTEN
      *.32776              *.*                0      0 49152      0 LISTEN
      *.32777              *.*                0      0 49152      0 LISTEN
      *.8080               *.*                0      0 49152      0 LISTEN
      *.3306               *.*                0      0 49152      0 LISTEN
      *.32779              *.*                0      0 49152      0 LISTEN
127.0.0.1.53               *.*                0      0 49152      0 LISTEN
xxx.xxx.xxx.xxx.53         *.*                0      0 49152      0 LISTEN
192.168.244.241.53         *.*                0      0 49152      0 LISTEN
127.0.0.1.953              *.*                0      0 49152      0 LISTEN
      *.32780              *.*                0      0 49152      0 LISTEN
      *.32781              *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN

Any ideas would be a great assist.
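
As an added example (not part of the original post), this Python sketch evaluates the posted inbound rules with IPF's "last match wins unless quick" ordering and compares the verdict with the posted netstat listing. It assumes the packet arrives on eri0 addressed to eri0's own address and does not model the state table; `SERVICES`, `parse_rule`, `verdict`, `listening_ports` and `report` are names introduced here.

```python
import re
# Inbound rules and a few LISTEN lines, copied from the post above. Assumption:
# the packet arrives on eri0 for eri0's own address; state table not modelled.
RULES = """\
block in all
pass in quick on eri0 proto tcp from any to eri0/32 port = 80 keep state
pass in quick on eri0 proto tcp from any to eri0/32 port = 8080 keep state
pass in quick on eri0 proto tcp/udp from any to eri0/32 port = domain with keep state
"""
NETSTAT = """\
      *.80                 *.*                0      0 49152      0 LISTEN
      *.3306               *.*                0      0 49152      0 LISTEN
127.0.0.1.53               *.*                0      0 49152      0 LISTEN
"""
SERVICES = {"domain": 53}  # the only service name used in the posted rules

def parse_rule(line):
    """Keep only action, direction, quick flag, protocols and destination port."""
    words = line.split()
    proto = re.search(r"proto (\S+)", line)
    port = re.search(r"port = (\S+)", line)
    name = port.group(1) if port else None
    return {"action": words[0], "dir": words[1], "quick": words[2] == "quick",
            "protos": proto.group(1).split("/") if proto else None,
            "port": SERVICES.get(name) or (int(name) if name else None)}

def verdict(rules, direction, proto, dport, default="pass"):
    """Last matching rule wins unless it carries 'quick' (then stop at once)."""
    result = default  # mirrors 'Default: pass all' in the ipf -V output
    for r in rules:
        if (r["dir"] == direction and (not r["protos"] or proto in r["protos"])
                and r["port"] in (None, dport)):
            result = r["action"]
            if r["quick"]:
                break
    return result

def listening_ports(text):
    """Ports taken from the local-address column of Solaris netstat output."""
    return {int(l.split()[0].rsplit(".", 1)[1])
            for l in text.splitlines() if l.split()[-1:] == ["LISTEN"]}

def report(ports):
    rules = [parse_rule(l) for l in RULES.splitlines()]
    listeners = listening_ports(NETSTAT)
    return {p: (verdict(rules, "in", "tcp", p), p in listeners) for p in ports}

if __name__ == "__main__":
    for port, (action, listening) in report([21, 80, 3306]).items():
        print(f"tcp/{port}: rules say {action}, local listener: {listening}")
```

For tcp/21 the result is a block verdict with no local listener, which is what the posted rules and netstat output imply; it says nothing about what actually answered the connection.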
 
