    Proto  Local Address          Foreign Address        State
    TCP    0.0.0.0:80             0.0.0.0:0              LISTENING (IIS)
    TCP    0.0.0.0:135            0.0.0.0:0              LISTENING (RpcSs)
    TCP    0.0.0.0:135            0.0.0.0:0              LISTENING (RpcSs)
    TCP    0.0.0.0:443            0.0.0.0:0              LISTENING (IIS)
    TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING (???)
    TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING (???)
    TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
    TCP    127.0.0.1:1025         127.0.0.1:1028         ESTABLISHED
    TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
    TCP    127.0.0.1:1028         127.0.0.1:1025         ESTABLISHED
    UDP    0.0.0.0:135            *:*                              (RpcSs)

    C:\>

We will have to live with this. The TCP/IP security filters should deny any connection attempts made to those ports.

Test of TCP/IP security filters

Let’s try the TCP/IP security filters. First I configured the filters to allow only tcp/80 and udp/1111. Then I fired up listeners with netcat (http://www.l0pht.com/~weld/netcat/) on tcp/80,81 and udp/1110,1111. To test I used netcat to try to connect to the server on the listener ports. The tcpdump output below shows the behavior of the filter function.

UDP packets to port 1110 (blocked) show no output on the listener.

    22:54:14.041112 arp who-has 10.0.0.43 tell 10.0.0.5
    22:54:14.041171 arp reply 10.0.0.43 is-at 0:10:5a:e6:cf:74
    22:54:14.041240 10.0.0.5.1252 > 10.0.0.43.1110: udp 10
    22:54:16.909514 10.0.0.5.1252 > 10.0.0.43.1110: udp 11

UDP packets to port 1111 (unblocked) show output on the listener.

    22:58:30.045340 10.0.0.5.1254 > 10.0.0.43.1110: udp 10
    22:58:32.807513 10.0.0.5.1254 > 10.0.0.43.1110: udp 11

UDP packets to port 1111 (unblocked) with no listener trigger ICMP udp port unreachable.

    23:00:39.497178 10.0.0.43 > 10.0.0.5: icmp: 10.0.0.43 udp port 1111 unreachable
    23:00:39.725978 10.0.0.5.1255 > 10.0.0.43.1111: udp 2
    23:00:39.726038 10.0.0.43 > 10.0.0.5: icmp: 10.0.0.43 udp port 1111 unreachable
    23:00:39.979497 10.0.0.5.1255 > 10.0.0.43.1111: udp 5

TCP connect to port 80 (unblocked) shows output on the listener.

    23:03:05.220808 10.0.0.5.1264 > 10.0.0.43.http: S 52482:52482(0) win 8192 <mss 1460> (DF) [tos 0x10]
    23:03:05.220922 10.0.0.43.http > 10.0.0.5.1264: S 61918:61918(0) ack 52483 win 8760 <mss 1460> (DF)
    23:03:05.221044 10.0.0.5.1264 > 10.0.0.43.http: . ack 1 win 8760 (DF) [tos 0x10]
    23:03:07.289221 10.0.0.5.1264 > 10.0.0.43.http: P 1:7(6) ack 1 win 8760 (DF) [tos 0x10]
    23:03:07.395725 10.0.0.43.http > 10.0.0.5.1264: . ack 7 win 8754 (DF)
    23:03:11.146798 10.0.0.5.1264 > 10.0.0.43.http: P 7:8(1) ack 1 win 8760 (DF) [tos 0x10]
    23:03:11.301110 10.0.0.43.http > 10.0.0.5.1264: . ack 8 win 8753 (DF)
    23:03:11.960993 10.0.0.5.1264 > 10.0.0.43.http: R 52490:52490(0) win 0 (DF) [tos 0x10]

TCP connect to port 81 (blocked) shows no output on the listener. NT sends RST.

    23:23:43.669792 10.0.0.5.1286 > 10.0.0.43.81: S 52552:52552(0) win 8192 <mss 1460> (DF) [tos 0x10]
    23:23:43.669857 10.0.0.43.81 > 10.0.0.5.1286: R 0:0(0) ack 52553 win 0
    23:23:44.168936 10.0.0.5.1286 > 10.0.0.43.81: S 52552:52552(0) win 8192 <mss 1460> (DF) [tos 0x10]
    23:23:44.168995 10.0.0.43.81 > 10.0.0.5.1286: R 0:0(0) ack 1 win 0
    23:23:44.669639 10.0.0.5.1286 > 10.0.0.43.81: S 52552:52552(0) win 8192 <mss 1460> (DF) [tos 0x10]
    23:23:44.669697 10.0.0.43.81 > 10.0.0.5.1286: R 0:0(0) ack 1 win 0
    23:23:45.170337 10.0.0.5.1286 > 10.0.0.43.81: S 52552:52552(0) win 8192 <mss 1460> (DF) [tos 0x10]
    23:23:45.170392 10.0.0.43.81 > 10.0.0.5.1286: R 0:0(0) ack 1 win 0
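
One way to read captures like the ones above mechanically when re-checking the filters after a configuration change, as an added example that is not part of the original paper: the Python below parses old-style tcpdump text lines and records, per probed port on the server, what the wire shows. The function name, the verdict strings and the choice of TRACE lines (a subset copied from the traces above) are this example's own.

```python
import re

# "time src.port > dst.port: <udp|flags> ..." in old-style tcpdump text output
PKT = re.compile(r"^\S+ (\d+(?:\.\d+){3})\.(\w+) > (\d+(?:\.\d+){3})\.(\w+): (\S+)(.*)")
# "time src > dst: icmp: host udp port N unreachable"
UNREACH = re.compile(r"^\S+ (\S+) > \S+: icmp: \S+ udp port (\w+) unreachable")

# Subset of the tcpdump lines shown above (server 10.0.0.43, client 10.0.0.5).
TRACE = """\
22:54:14.041112 arp who-has 10.0.0.43 tell 10.0.0.5
22:54:14.041240 10.0.0.5.1252 > 10.0.0.43.1110: udp 10
23:00:39.725978 10.0.0.5.1255 > 10.0.0.43.1111: udp 2
23:00:39.726038 10.0.0.43 > 10.0.0.5: icmp: 10.0.0.43 udp port 1111 unreachable
23:03:05.220808 10.0.0.5.1264 > 10.0.0.43.http: S 52482:52482(0) win 8192 <mss 1460> (DF) [tos 0x10]
23:03:05.220922 10.0.0.43.http > 10.0.0.5.1264: S 61918:61918(0) ack 52483 win 8760 <mss 1460> (DF)
23:03:11.960993 10.0.0.5.1264 > 10.0.0.43.http: R 52490:52490(0) win 0 (DF) [tos 0x10]
23:23:43.669792 10.0.0.5.1286 > 10.0.0.43.81: S 52552:52552(0) win 8192 <mss 1460> (DF) [tos 0x10]
23:23:43.669857 10.0.0.43.81 > 10.0.0.5.1286: R 0:0(0) ack 52553 win 0
"""

def classify(trace, server):
    """Map (proto, port) on `server` to what the wire shows for each probe."""
    verdict = {}
    for line in trace.splitlines():
        m = UNREACH.match(line)
        if m and m.group(1) == server:
            # The datagram reached the stack, so the filter let it through.
            verdict[("udp", m.group(2))] = "passed filter, no listener"
            continue
        m = PKT.match(line)
        if not m:
            continue  # arp and anything else this example does not model
        src, sport, dst, dport, kind, rest = m.groups()
        if dst == server and kind == "udp":
            verdict.setdefault(("udp", dport), "silent: filtered or delivered")
        elif dst == server and kind == "S" and " ack " not in rest:
            verdict.setdefault(("tcp", dport), "silent: no answer seen")
        elif src == server and kind == "S" and " ack " in rest:
            verdict[("tcp", sport)] = "open"
        elif src == server and kind == "R" and verdict.get(("tcp", sport)) != "open":
            verdict[("tcp", sport)] = "reset: filtered or closed"
    return verdict

if __name__ == "__main__":
    for key, value in sorted(classify(TRACE, "10.0.0.43").items()):
        print(key, value)
```

Two of the verdicts are deliberately ambiguous: on the wire a filtered UDP port looks the same as one whose listener consumed the datagram, and a filtered TCP port answers with the same RST as a closed one, which is why the test above also watches the netcat listeners.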