On Fri, 11 Jan 2002 [EMAIL PROTECTED] wrote:

> >   If your 'netstat -tupan' returns nothing at all, then
> > you're probably about as secure as you are with DOS.
> 
> My netstat doesn't accept a -tupan parameter.  

> However, I have 
> tried the other netstat options and I am not impressed.  It appears 
> (my version, anyway) not to list open ports until they are actually
> accessed.  

  Even 'netstat -l' ???  That's the one that's 
supposed to show all listening ports.

> This is not much use for determining which ports are
> open *before* cracker accesses.

  How old is the netstat you're using?  Mine shows all
kinds of useful info.  I'd copy'n'paste, but the lines 
are something like 120 characters wide, so I'll 
abbreviate:

Local Address           Foreign Address         State       PID/Program name   

216.195.176.183:4962    216.239.33.101:80       CLOSE_WAIT  27036/mozilla-bin   
216.195.176.183:4961    216.239.33.101:80       CLOSE_WAIT  27036/mozilla-bin   
127.0.0.1:119           127.0.0.1:3273          ESTABLISHED 27007/leafnode      
127.0.0.1:3273          127.0.0.1:119           ESTABLISHED 27006/slrn 
0.0.0.0:80              0.0.0.0:*               LISTEN      8413/httpd
0.0.0.0:25              0.0.0.0:*               LISTEN      7371/sendmail: acc
0.0.0.0:6000            0.0.0.0:*               LISTEN      6789/X              
0.0.0.0:515             0.0.0.0:*               LISTEN      400/                
0.0.0.0:119             0.0.0.0:*               LISTEN      375/


  So you see not only daemons which are listening, and 
on what ports, but you also see connections which were 
opened but which haven't (yet) received the FIN (?) 
packet.

> I'm finding the 'scan' routine from BasicLinux much more useful.

  My 'scan' deals with e-mail.

  Have you downloaded nmap?  That's another very useful 
tool for scanning yourself, your network, others' 
networks.  Good for having your friends scan you with 
too, to see what you're showing to the outside world... 
and if you get nmap, nessus will piggy-back on it and 
give you advice on where you might have security 
weaknesses.

  Output when I run nmap (using default settings) on myself:

-----
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
 Interesting ports on localhost (127.0.0.1):
(The 1544 ports scanned but not shown below are in state: closed)
Port       State       Service
25/tcp     open        smtp                    
80/tcp     open        http                    
119/tcp    open        nntp                    
515/tcp    open        printer                 
6000/tcp   open        X11                     

Remote operating system guess: Linux 2.1.19 - 2.2.17
Uptime 9.850 days (since Tue Jan  1 01:46:11 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
-----

  Obviously, when it's run from outside the firewall,
only the first two show up as open.  The others show
up as filtered.

 - Steve
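
The comparison described in the message above (what netstat shows listening locally versus what an nmap scan from outside the firewall reports), as an added example that is not part of the original post. The netstat rows are copied from the message; the outside scan table is constructed to match its description (first two ports open, the rest filtered), and the function names are hypothetical.

```python
import re

# Rows quoted in the post (one ESTABLISHED row kept to show it is skipped).
NETSTAT = """\
127.0.0.1:119           127.0.0.1:3273          ESTABLISHED 27007/leafnode
0.0.0.0:80              0.0.0.0:*               LISTEN      8413/httpd
0.0.0.0:25              0.0.0.0:*               LISTEN      7371/sendmail: acc
0.0.0.0:6000            0.0.0.0:*               LISTEN      6789/X
0.0.0.0:515             0.0.0.0:*               LISTEN      400/
0.0.0.0:119             0.0.0.0:*               LISTEN      375/
"""

# Constructed sample: an outside scan consistent with the post's description.
NMAP_OUTSIDE = """\
Port       State       Service
25/tcp     open        smtp
80/tcp     open        http
119/tcp    filtered    nntp
515/tcp    filtered    printer
6000/tcp   filtered    X11
"""

def parse_listeners(text):
    """Return {port: (bind_address, program)} for rows in state LISTEN."""
    out = {}
    for line in text.splitlines():
        m = re.search(r"(\S+):(\d+)\s+\S+\s+LISTEN\s*(.*)$", line)
        if m:
            # "PID/Program name" column; netstat leaves the name empty
            # when it cannot resolve it (e.g. "400/").
            prog = m.group(3).strip().partition("/")[2] or "unknown"
            out[int(m.group(2))] = (m.group(1), prog)
    return out

def parse_nmap(text):
    """Return {port: state} from nmap's Port/State/Service table (TCP only)."""
    return {int(m.group(1)): m.group(2)
            for m in re.finditer(r"^(\d+)/tcp\s+(\S+)", text, re.M)}

def exposure(listeners, outside):
    """Classify each local listener by what the outside scan saw."""
    rows = []
    for port, (addr, prog) in sorted(listeners.items()):
        if addr.startswith("127."):
            verdict = "loopback-only"   # never reachable from outside
        else:
            state = outside.get(port, "not-scanned")
            verdict = "EXPOSED" if state == "open" else state
        rows.append((port, prog, verdict))
    return rows

if __name__ == "__main__":
    for port, prog, verdict in exposure(parse_listeners(NETSTAT), parse_nmap(NMAP_OUTSIDE)):
        print(f"{port:>5}  {prog:<15} {verdict}")
```

A listener bound to 0.0.0.0 that the outside scan reports as "filtered" is protected only by the firewall rule, so it is worth tracking separately from one that is closed or bound to loopback.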

