help with blocking certain ports via IPTABLES...


ralph wiggum
11-03-2001, 11:16 PM
I'm having problems testing my iptables setup.

When I scan myself (with Nmap) I have these ports listed:

113/tcp auth
137/udp netbios-ns
138/udp netbios-dgm
139/tcp netbios-ssn
515/tcp printer
6000/tcp X11

I know I should block NetBIOS and X11. Should I block 113 and 515?

And when I do block these and try to scan myself they still come up!

Example from my setup:

iptables -N block
iptables -A block -p tcp --dport 6000:6015 -j DROP

# jump into the block chain before the catch-all DROP, otherwise it is never consulted
iptables -A INPUT -i eth+ -j block
iptables -A INPUT -i eth+ -j DROP
iptables -A FORWARD -i eth+ -j DROP

But when I scan myself through my network, port 6000 still comes up...

Any ideas?

BTW, the default rules are all set to DROP.

[ 03 November 2001: Message edited by: ralph wiggum ]

ralph wiggum
11-03-2001, 11:26 PM
OK, I'm retarded. I didn't know that when I was scanning myself (IP 192.168.1.1) it was using my lo device to do this. So I think I fixed it.

But my question about ports still stands: should I block ALL of those ports that came up?

ralph wiggum
11-04-2001, 12:02 AM
OK, when I block ports I get a state of "filtered" when I scan myself. Is this normal? Aren't they supposed not to show up at all?

Also...

With this rule:
-p tcp --dport 6000:6015 -j DROP

I get:
port      state     service
6000/tcp filtered X11
6001/tcp filtered X11:1
6002/tcp filtered X11:2
.......
6009/tcp filtered X11:9

Does anyone know why it doesn't go all the way up to 15? Is this normal as well?

Thanks, all.


*edit*
When I specify ports up to 6015 I get a service of "unknown" and a state of "filtered".

But it's still a mystery to me why only 6000-6009 come up with a service... hmmm...

[ 03 November 2001: Message edited by: ralph wiggum ]
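Editor's note with an added example; the script below is not from the thread or from any poster. Three things in the thread are worth pinning down. First, a scan of your own address (192.168.1.1 or any other local IP) never touches eth0: the kernel routes it over lo, so INPUT rules on eth+ are never consulted and the scan says nothing about what a neighbour sees. Scan from another host on the LAN to test the eth+ rules. Second, a blocked port always "shows up" in some state. A DROP target sends nothing back, and Nmap reports a port with no answer as "filtered"; a REJECT target with --reject-with tcp-reset answers with a RST, and Nmap then reports "closed", exactly like a port with nothing listening. Either is safe, so "filtered" is normal, not a sign the rule failed. Third, the service column is only a name lookup in Nmap's nmap-services file, which lists 6000-6009 as X11 through X11:9; 6010-6015 are not in that file, hence "unknown". The state column is the one that tells you whether the rule works. As for 113 (ident) and 515 (lpd): if you are not offering printing or ident to the LAN, stop those daemons and treat the ports like the others; a daemon that is not running cannot be reached even if a rule is mis-ordered. The script assumes the LAN interface is eth0 (matched by eth+), that SSH on port 22 is the one service offered to the LAN, and that IPT can be set to "echo iptables" for a dry run; none of these assumptions come from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions not in the posts: the LAN
# interface is eth0 (matched by eth+), SSH on 22 is the only service offered
# to the LAN, and IPT may be set to "echo iptables" for a dry run (the default
# here, so the file runs without root and without touching a real firewall).
IPT="${IPT:-echo iptables}"

# The rule set, one iptables argument string per line, in load order.
#  - lo is accepted first: a scan of your own address never leaves the box.
#  - The "block" chain answers the LAN-noise ports with REJECT (tcp-reset for
#    TCP), so a scanner sees "closed" instead of "filtered" and legitimate
#    clients fail fast instead of timing out. DROP would be equally safe.
#  - The jump into "block" comes BEFORE the catch-all DROP on eth+. Rules are
#    matched in order; anything appended after that DROP is never reached.
firewall_rules() {
    cat <<'EOF'
-F
-X
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth+ -p tcp --dport 22 -j ACCEPT
-N block
-A block -p udp --dport 137:138 -j REJECT
-A block -p tcp --dport 139 -j REJECT --reject-with tcp-reset
-A block -p tcp --dport 113 -j REJECT --reject-with tcp-reset
-A block -p tcp --dport 515 -j REJECT --reject-with tcp-reset
-A block -p tcp --dport 6000:6015 -j REJECT --reject-with tcp-reset
-A INPUT -i eth+ -j block
-A INPUT -i eth+ -j DROP
EOF
}

# Sanity check for a rule list on stdin: the jump into "block" must appear
# before the catch-all DROP on eth+. Exit status 0 if the order is right,
# 1 if the jump is missing or comes after the DROP (the original post's bug).
check_order() {
    awk '
        /-j block$/          && !jump { jump = NR }
        /-i eth\+ -j DROP$/  && !drop { drop = NR }
        END { exit !(jump && drop && jump < drop) }
    '
}

# Feed every rule to iptables (or to echo during a dry run).
load_rules() {
    firewall_rules | while IFS= read -r rule; do
        # Word splitting of $rule is intended: each word is one argument.
        $IPT $rule
    done
}

# Number of rules that will be loaded.
rule_count() {
    firewall_rules | awk 'END { print NR }'
}

# Dry run by default; set IPT=iptables and run as root to load for real.
load_rules
```

To verify from a neighbour rather than from lo, run something like `nmap -sS -p 1-1024,6000-6015 192.168.1.1` on another LAN host: 22 should be open, the rejected ports closed, and everything else filtered because of the final DROP.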