SNMP closed state in CentOS
By default, snmpd listens to UDP port 161 on all interfaces. If you want to use TCP, you will have to configure that in your snmpd.conf or in /etc/default/snmpd.
The fact that nmap sees port 161 as "closed" rather than "filtered" means that it got a RST packet in return when it tried to contact TCP port 161 rather than getting nothing back. This means that your IPTables rules are working fine.
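The TCP/UDP difference described in this answer, as an added example that is not part of the original post: a constructed UDP-only responder on loopback stands in for snmpd, and the hypothetical helpers tcp_state and udp_state classify the port the way nmap -sT and nmap -sU would.

```python
import socket
import threading

def tcp_state(host, port, timeout=1.0):
    """Classify a TCP port as a connect scan (nmap -sT) would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"              # handshake completed: a TCP listener exists
    except ConnectionRefusedError:
        return "closed"            # RST came back: host reachable, no TCP listener
    except OSError:
        return "filtered"          # timeout or ICMP error: firewall dropped/rejected it
    finally:
        s.close()

def udp_state(host, port, payload=b"probe", timeout=1.0):
    """Classify a UDP port as a UDP scan (nmap -sU) would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))    # connected socket, so ICMP errors reach recv()
        s.send(payload)
        s.recv(1024)
        return "open"              # the service answered
    except ConnectionRefusedError:
        return "closed"            # ICMP port unreachable
    except socket.timeout:
        return "open|filtered"     # silence: dropped, or service ignored the probe
    except OSError:
        return "filtered"          # other ICMP unreachable, e.g. a REJECT rule
    finally:
        s.close()

def demo():
    # Constructed stand-in for snmpd: UDP-only, echoes any datagram (snmpd does not).
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        data, peer = srv.recvfrom(1024)
        srv.sendto(data, peer)
    t = threading.Thread(target=serve, daemon=True)
    t.start()
    states = (tcp_state("127.0.0.1", port), udp_state("127.0.0.1", port))
    t.join(1)
    srv.close()
    return states
```

Against a real snmpd, a UDP probe that is not a valid request for a configured community gets no reply, which this classification reports as open|filtered.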
Author: anksoWX
Updated on September 18, 2022
Comments
-
anksoWX over 1 year
I'm having a problem here, I've added to my IPtables rules this:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
but when I scan with nmap or any other tool it says this:
Not shown: 998 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
161/tcp closed snmp
also when I am doing:
netstat -apn | grep snmpd
tcp   0   0 127.0.0.1:199   0.0.0.0:*   LISTEN   3669/snmpd
udp   0   0 0.0.0.0:161     0.0.0.0:*            3669/snmpd
unix  2   [ ]   DGRAM   226186   3669/snmpd
Also:
service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target  prot  opt  source     destination
1    ACCEPT  all   --   0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
2    ACCEPT  icmp  --   0.0.0.0/0  0.0.0.0/0
3    ACCEPT  all   --   0.0.0.0/0  0.0.0.0/0
4    ACCEPT  tcp   --   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:161
5    ACCEPT  udp   --   0.0.0.0/0  0.0.0.0/0    state NEW udp dpt:161
6    ACCEPT  tcp   --   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:22
7    REJECT  all   --   0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target  prot  opt  source     destination
1    REJECT  all   --   0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target  prot  opt  source     destination
Any idea what's going on? There is no UDP in closed/open state. What do I have to do?
-
Ladadadada over 11 years
What nmap command did you use? Did you have the -sU option set?
-
Marcela Lozano over 11 years
Ladadadada is right. But probably you are working with a wrong community; this is why it doesn't work.
-
anksoWX over 11 years
I am using nmap -sT -O IP_ADDR, but with nmap -sU -O IP_ADDR I don't get any response for a long time.
-
anksoWX over 11 years
Also, I've removed the iptables rule for TCP and left only the UDP rule. Now it doesn't respond at all.