Justin, I replied direct last night, but maybe the msg didn't get to you so
I'll post here in the list also.  I also see that the list won't accept a 
msg larger than 100k so I've removed the three screenshots.  If anyone 
wants to see them let me know and I'll send them over.  In a nutshell, the 
modem security screen now says that "WEB, FTP, Telnet and TFTP traffic are 
blocked from the WAN to the LAN and all ping and traceroute requests are 
blocked".

> Hi Chris,
>
> First of all, judging by that portscan I'd say you have postfix (or
> sendmail, etc.), CUPS, Webmin, X, and BIND all running as services (the
> rest I don't recognize). You may or may not want to stop some of these
> services using chkconfig --del <service>. If this is a personal machine,
> I can't think of any of those services that actually need to be running,
> though webmin (port 10000) is pretty useful for web-based management of
> your box if you're shell-o-phobic.

Hmm, let's see, I use sendmail to fwd spam to [EMAIL PROTECTED], I
figure I need CUPS running for the printer, maybe I'm wrong, X - you
mentioned in the next message, BIND I'm not familiar with.  As I mentioned
earlier xinetd has been totally shut down and removed from being active.
Webmin, I use quite frequently especially for updating perl modules and
cronjobs.  I have a bad case of CRS and always forget what to put on the
CLI :(

> As for the part about ports 21 (FTP), 23 (telnet), and 80 (http) showing
> up from external port scans, are you connected to the internet directly,
> or through a router or cable modem? (when you said "modem" I wasn't
> exactly sure).

I'm connected with a Sprint (read Zyxel) 645M Plus ADSL modem-bridge.

> If you are connected directly, what you nmap should be exactly what an
> external port scan will show, unless you are running shorewall or some
> other firewall on your system.

I'm running Firestarter.

> If you are connected through a router or cable modem, that device could
> be advertising those ports, either as port forwarding to a different
> device, or ports open on the cable modem/router itself (although these
> ports are not normally open to the outside world for security
> reasons). You may want to check your cable modem/router's configuration
> to see if it is forwarding any of these ports for you (it shouldn't by
> factory default settings).
>
> Hope that helps, don't hesitate to post again if you need more info :)

I replied direct since I'm posting 3 screenshots.  I went into the modem's
config and changed the security setting as shown on the modemsec shot.  On
the 2nd one I changed the setting from server to none, of course then I
couldn't connect to the internet.  The third shows the current system stats
with my current ip address.  After all these changes I went to grc.com and
got exactly the same results as I've always gotten, 21, 23, 80 are open,
rest are closed.  His site even said it received a reply from an ICMP ping,
even though I changed the security setting on the modem to not reply to
these.  After all the setting changes I reset the modem to make sure they
took effect.  Syslog never shows any odd 'hits' other than the occasional
problem when trying to connect to razor, pyzor or DCC while checking spam.
So, what's a person to do?

-- 
Chris
Registered Linux User 283774 http://counter.li.org
5:25pm up 10 days, 22:45, 2 users, load average: 0.12, 0.22, 0.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The philosopher's treatment of a question is like the treatment of an 
illness.
                -- Wittgenstein.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
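
Added example, not part of the original message or of either poster's setup: one way to make the comparison from the quoted reply (what listens on the box versus what an outside scan reports) mechanical. The `ss -tln` sample is constructed, the function names are hypothetical, and it assumes the upstream device does not forward to a different port number.

```python
import ipaddress

# Constructed `ss -tln` sample for a host running the services named in the
# thread (sendmail, CUPS, Webmin, X, BIND); not output from the poster's machine.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     127.0.0.1:25       0.0.0.0:*
LISTEN 0      5      0.0.0.0:631        0.0.0.0:*
LISTEN 0      128    *:10000            *:*
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      10     192.168.1.10:53    0.0.0.0:*
LISTEN 0      5      [::1]:631          [::]:*
"""

def reachable_listeners(ss_output):
    """Ports with a TCP listener bound to a non-loopback address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                               # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]      # drop IPv6 brackets, %iface
        if addr == "*":                            # wildcard bind
            addr = "0.0.0.0"
        if not ipaddress.ip_address(addr).is_loopback:
            ports.add(int(port))
    return ports

def attribute(external_open, ss_output):
    """Split ports by where the answer to an outside scan can come from."""
    local = reachable_listeners(ss_output)
    external = set(external_open)
    return {
        # Open from outside, nothing listening here: the modem/router itself
        # answers, or it forwards the port to some other device.
        "upstream_device": sorted(external - local),
        # Open from outside and listening here: the host is really exposed.
        "host_exposed": sorted(external & local),
        # Listening here but not seen from outside: filtered on the way in.
        "host_filtered": sorted(local - external),
    }

if __name__ == "__main__":
    # 21, 23 and 80 are the ports the external scan in the thread reported open.
    for group, ports in attribute([21, 23, 80], SAMPLE_SS).items():
        print(f"{group}: {ports}")
```

Ports that land in upstream_device are settled in the modem's or router's own management and forwarding settings, not by stopping services on the Linux host.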

