Are the following open ports a danger?
jludwig
wralphie at comcast.net
Tue Aug 10 15:23:36 UTC 2004
On Tue, 2004-08-10 at 02:18, Graeme Nichols wrote:
> Manuel Arostegui Ramirez wrote:
>
> > --- Chris Hewitt <rhil at manordata.uklinux.net> wrote:
> >
> >>On Mon, 2004-08-09 at 04:16, Graeme Nichols wrote:
> >>
> >>>Hello Folks, I have just become aware of a utility, nmap, to discover
> >>>open ports on my system. The output of the run is as follows:-
> >>>
> >>>[graeme at barney graeme]$ sudo nmap -sS -O barney
> >>>
> >>>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-09 13:07 EST
> >>>Interesting ports on barney.localdomain (192.168.1.1):
> >>>(The 1637 ports scanned but not shown below are in state: closed)
> >>>PORT STATE SERVICE
> >>>1/tcp open tcpmux
> >>>11/tcp open systat
> >>>15/tcp open netstat
> >>>22/tcp open ssh
> >>>111/tcp open rpcbind
> >>>143/tcp open imap
> >>>540/tcp open uucp
> >>>635/tcp open unknown
> >>>1024/tcp open kdm
> >>>1080/tcp open socks
> >>>1524/tcp open ingreslock
> >>>2000/tcp open callbook
> >>>6667/tcp open irc
> >>>10000/tcp open snet-sensor-mgmt
> >>>12345/tcp open NetBus
> >>>12346/tcp open NetBus
> >>>31337/tcp open Elite
> >>>32771/tcp open sometimes-rpc5
> >>>32772/tcp open sometimes-rpc7
> >>>32773/tcp open sometimes-rpc9
> >>>32774/tcp open sometimes-rpc11
> >>>54320/tcp open bo2k
> >>>Device type: general purpose
> >>>Running: Linux 2.4.X|2.5.X
> >>>OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> >>>Uptime 0.056 days (since Mon Aug 9 11:47:15 2004)
> >>>
> >>>Nmap run completed -- 1 IP address (1 host up) scanned in 6.560 seconds
> >>>
> >>>Are any of the above open ports posing a danger that I should close?
> >>>
> >>>My apologies for a dumb question but iptables is not my forte I'm
> >>>afraid. BTW, nmap got my system wrong, it's FC2 on kernel 2.6.6
> >>
> >>Graeme,
> >>
> >
> >
> > 12345/tcp open NetBus
> > 12346/tcp open NetBus
> >
> > Have you got a firewall running?
>
> Hi Manuel, thanks. Yes, I have iptables running and thought I had all
> blocked from outside except ssh, mail and web browsing. I used the
> graphical utility that comes with FC2. Doesn't look like it does a very
> competent job :-)
All you need to have running on a private box is possibly ssh.
When a daemon is run it listens to "answer" a request.
If you have a server, like mail, then it must be running; otherwise turn
off all port servers that don't need to be running.
Second, put up a good firewall, something like:
1) Set all policies to reject.
# A built-in chain policy can only be ACCEPT or DROP (REJECT is a rule
# target, not a valid policy), so DROP is used here.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
2) iptables -I INPUT -i eth0 -m state \
! --state ESTABLISHED,RELATED -j REJECT
3) iptables -I FORWARD -i eth0 -m state \
! --state ESTABLISHED,RELATED -j REJECT
etc
(See http://www.linuxguruz.com/ )
--
jludwig <wralphie at comcast.net>
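
An added example, not part of the original message: a shell check that compares nmap's port table with the short list of services the host is meant to offer, following the advice above that a private box needs little more than ssh. The allowlist, the function names and the sample rows (a few lines copied from the scan quoted in the thread) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag open TCP ports in nmap output that are not on an allowlist.
# ALLOWED_PORTS, unexpected_ports, count_unexpected and report are names
# chosen for this example.

# Ports this host is meant to expose (assumption: a private box that needs only ssh).
ALLOWED_PORTS="22"

# Constructed sample: a few rows from the scan quoted in the thread.
SAMPLE_SCAN='PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
143/tcp open imap
12345/tcp open NetBus
31337/tcp open Elite
Device type: general purpose'

# unexpected_ports ALLOWLIST: reads nmap normal output on stdin and prints
# "port service" for each open TCP port not in the space-separated allowlist.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Port rows look like "22/tcp open ssh"; headers and other text are skipped.
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) print p[1], $3
        }'
}

# count_unexpected ALLOWLIST: number of unexpected open ports found on stdin.
count_unexpected() {
    unexpected_ports "$1" | wc -l | tr -d ' '
}

# report: run the check over the sample and print one line per finding.
report() {
    printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "$ALLOWED_PORTS" |
    while read -r port service; do
        echo "unexpected listener: tcp/$port ($service)"
    done
}

report
```

To check a real host, pipe the output of the scan into `unexpected_ports` in place of the sample.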