On Tue, Mar 20, 2001 at 01:25:07PM +0100, Hans Scheffers wrote:
> Hi,
> I have done a out of the box install of redhat 7, this doesn't work anymore
> with inet.d but with xinetd.d
> When I look in the directory / config of xinetd.d, I have almost no services
> that I use, just ssh, ftp. smtp and pop
> When I do a portscan on the system with nmap I get the following result:
> nmap -sS localhost
>
> Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
> Interesting ports on localhost (127.0.0.1):
> (The 1501 ports scanned but not shown below are in state: closed)
> Port State Service
> 1/tcp open tcpmux
> 11/tcp open systat
> 15/tcp open netstat
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 79/tcp open finger
> 80/tcp open http
> 110/tcp open pop-3
> 111/tcp open sunrpc
> 113/tcp open auth
> 119/tcp open nntp
> 139/tcp open netbios-ssn
> 143/tcp open imap2
> 443/tcp open https
> 515/tcp open printer
> 540/tcp open uucp
> 635/tcp open unknown
> 995/tcp open pop3s
> 1080/tcp open socks
> 1524/tcp open ingreslock
> 2000/tcp open callbook
> 3128/tcp open squid-http
> 5432/tcp open postgres
> 6667/tcp open irc
> 12345/tcp open NetBus
> 12346/tcp open NetBus
> 31337/tcp open Elite
> 32771/tcp open sometimes-rpc5
> 32772/tcp open sometimes-rpc7
> 32773/tcp open sometimes-rpc9
> 32774/tcp open sometimes-rpc11
> 54320/tcp open bo2k
That looks like the basic TCP_PORTS list from portsentry...
From portsentry.conf
] # Use these if you just want to be aware:
]
]#TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,31337,32771,32772,32773,32774,40421,49724,54320"
A few of them don't seem to show up (they may not be in the
1501 that nmap scanned), but it looks pretty close.
Do you have portsentry running?
You can run lsof or fuser and find out what process has those
sockets open.
> Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
> This is also when the services are commented out of /etc/services and the
> xinetd daemon is restarted. How can I put all these services off?
> greetz
> --
> Hans Scheffers ICQ: 83328340
> mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> http://www.jiffie.nl/rottweiler_actie
> http://communities.msn.com/stophetfokverbodagressievehonden
> <http://www.communities.msn.com/stophetfokverbodagressievehonden>
>
> "Das mir der Hund das Liebste sei, sagst du, mein Freund, sei Sunde
> Der Hund ist mir im Sturme treu der Mensch nicht mal im Wind!"
>
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
