Are the following open ports a danger?

jludwig wralphie at comcast.net
Tue Aug 10 15:23:36 UTC 2004


On Tue, 2004-08-10 at 02:18, Graeme Nichols wrote:
> Manuel Arostegui Ramirez wrote:
> 
> >  --- Chris Hewitt <rhil at manordata.uklinux.net> wrote:
> > 
> >>On Mon, 2004-08-09 at 04:16, Graeme Nichols wrote:
> >>
> >>>Hello Folks, I have just become aware of a utility, nmap, to discover
> >>>open ports on my system. The output of the run is as follows:-
> >>>
> >>>[graeme at barney graeme]$ sudo nmap -sS -O barney
> >>> 
> >>>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-09 13:07 EST
> >>>Interesting ports on barney.localdomain (192.168.1.1):
> >>>(The 1637 ports scanned but not shown below are in state: closed)
> >>>PORT      STATE SERVICE
> >>>1/tcp     open  tcpmux
> >>>11/tcp    open  systat
> >>>15/tcp    open  netstat
> >>>22/tcp    open  ssh
> >>>111/tcp   open  rpcbind
> >>>143/tcp   open  imap
> >>>540/tcp   open  uucp
> >>>635/tcp   open  unknown
> >>>1024/tcp  open  kdm
> >>>1080/tcp  open  socks
> >>>1524/tcp  open  ingreslock
> >>>2000/tcp  open  callbook
> >>>6667/tcp  open  irc
> >>>10000/tcp open  snet-sensor-mgmt
> >>>12345/tcp open  NetBus
> >>>12346/tcp open  NetBus
> >>>31337/tcp open  Elite
> >>>32771/tcp open  sometimes-rpc5
> >>>32772/tcp open  sometimes-rpc7
> >>>32773/tcp open  sometimes-rpc9
> >>>32774/tcp open  sometimes-rpc11
> >>>54320/tcp open  bo2k
> >>>Device type: general purpose
> >>>Running: Linux 2.4.X|2.5.X
> >>>OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> >>>Uptime 0.056 days (since Mon Aug  9 11:47:15 2004)
> >>> 
> >>>Nmap run completed -- 1 IP address (1 host up) scanned in 6.560 seconds
> >>>
> >>>Are any of the above open ports posing a danger that I should close?
> >>>
> >>>My apologies for a dumb question but iptables is not my forte I'm
> >>>afraid. BTW, nmap got my system wrong, it's FC2 on kernel 2.6.6
> >>
> >>Graeme,
> >>
> > 
> > 
> > 12345/tcp open  NetBus
> > 12346/tcp open  NetBus
> > 
> > Have you got a firewall running? 
> 
> Hi Manuel, thanks. Yes, I have iptables running and thought I had all 
> blocked from outside except ssh, mail and web browsing. I used the 
> graphical utility that comes with FC2. Doesn't look like it does a very 
> competent job :-)

All you need to have running on a private box is possibly ssh.

When a daemon is run it listens to "answer" a request.

If you have a server, like mail, then it must be running; otherwise turn
off all port servers that don't need to be running.

Second, put up a good firewall, something like:

1) Set all policies to reject.
# iptables -P takes only ACCEPT or DROP as a policy (REJECT is a rule target), so DROP is used
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

2) iptables -I INPUT -i eth0 -m state --state \
! ESTABLISHED,RELATED -j REJECT

3) iptables -I FORWARD -i eth0 -m state\
 --state ! ESTABLISHED,RELATED -j REJECT

etc

(SEE http://www.linuxguruz.com/ )
-- 
jludwig <wralphie at comcast.net>
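
The check the reply describes (only ssh should be listening on a private box), as an added example that is not part of the original message: a small shell filter that reads nmap's normal output and prints every open TCP port not on an allowlist. The function names are hypothetical, and the sample input is a subset of the scan quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): flag open TCP ports that are not allowlisted.
# Real use: sudo nmap -sS host | unexpected_ports 22 25

unexpected_ports() {
    # Arguments: allowed TCP port numbers. stdin: nmap normal-format output.
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Port table rows look like: "22/tcp    open  ssh"
        # Rows in any other state (closed, filtered) are skipped.
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) print p[1], $3
        }
    '
}

# Subset of the scan output quoted in this thread, embedded so the example runs offline.
sample_scan() {
    cat <<'EOF'
Interesting ports on barney.localdomain (192.168.1.1):
(The 1637 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
143/tcp   open  imap
6667/tcp  open  irc
12345/tcp open  NetBus
31337/tcp open  Elite
EOF
}

# Audit the sample against "only ssh", as suggested for a private box.
audit_sample() {
    sample_scan | unexpected_ports 22
}

audit_sample
```

For each port it prints, `netstat -tlnp` run as root on the scanned host shows which process owns the listener, which tells you which service to turn off.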





More information about the Redhat-install-list mailing list