Re: Open ports in Debian
Hi Rutger,

> PORT    STATE SERVICE
> 22/tcp  open  ssh
> 25/tcp  open  smtp
> 80/tcp  open  http
> 111/tcp open  rpcbind
> 113/tcp open  auth
> 903/tcp open  iss-console-mgr

Before starting nmap, use netstat. You can find out which program uses which port with

    netstat -tulpen

For your internet connected box, leave just the ports open that you really need. E.g. ssh (port 22) for remote administration, web-server (port 80), etc.

Maybe it tells that inetd has ports 111 and 113 open. Just stop inetd and see that all the needed functionality is still given. If yes, remove the related inetd package or remove the startup scripts with

    update-rc.d -f name-of-startup-script remove

For your port 25 mailserver: If you just need to send emails (with queueing), try configuring it to listen on localhost only.

ssh: you can configure the ssh daemon to listen on port x instead of 22. This 'hides' it a bit (ok, a lot) - typical port scans just check the typical ports. You should still use a random password with more than 8 chars.

http: there is much documentation about securing webservers (e.g. apache). You can check your webserver configuration for security holes with a program called 'nikto' (from remote).

As a thing of favour, you can set up a firewall with iptables. You should also keep your software up-to-date.

Of course there still is the chance to be hacked. It might help to install chkrootkit and rkhunter which regularly check for infected files.

After all I am not an admin nor a security expert. These guys would have tons of other hints and advice. There are also some howtos about securing a box.

Have fun,
Tim

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
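The netstat check suggested in the message above can be turned into a repeatable audit. This is an added example, not part of the original post: it reads `netstat -tulpen` output and lists every listener reachable from the network whose port is not on an allowlist. The function names, the allowlist and the sample rows (PIDs, inodes, program names) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `netstat -tulpen` output on stdin.
# $1: space-separated list of ports that are meant to be reachable.
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows must be in LISTEN state; UDP rows have no state column
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        port = $4; sub(/^.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)     # text before the last colon
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
        if (port in ok) next                         # intentionally exposed
        prog = "-"                                   # owner unknown unless a PID/name field exists
        for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) { prog = $i; break }
        print $1, addr, port, prog
    }'
}

# Constructed sample in the layout netstat -tulpen prints (not captured from a real host).
# Port 25 is already bound to localhost here; port 903 has no visible owner.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State  User Inode PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 0    5001  410/sshd
tcp        0      0 127.0.0.1:25    0.0.0.0:*       LISTEN 0    5002  522/exim4
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN 0    5003  633/apache2
tcp        0      0 0.0.0.0:111     0.0.0.0:*       LISTEN 0    5004  201/portmap
udp        0      0 0.0.0.0:111     0.0.0.0:*              0    5005  201/portmap
tcp        0      0 0.0.0.0:113     0.0.0.0:*       LISTEN 0    5006  305/inetd
tcp        0      0 0.0.0.0:903     0.0.0.0:*       LISTEN 0    5007  -
EOF
}

# On a real host, as root: netstat -tulpen | audit_listeners "22 80"
sample_netstat | audit_listeners "22 80"
```

Each output line gives protocol, bind address, port and owning PID/program; a `-` owner means netstat could not attribute the socket to a process and the port needs a closer look.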
Re: Open ports in Debian
port 111 will be used by rpc processes like NIS and NFS.
port 113 is identd, used to identify the "owner" of a connection.
port 903... I'm not sure.

If your box is up on the world, I would suggest making an iptables (or equivalent) script that will block all but the wanted ports. IE, having these ports open can be harmful. I leave these things open on my internal network, but on my public webserver I only open what I need and deny everything else.

On Wed, 2005-11-23 at 00:54 +0100, Rutger Wessels wrote:
> Hello,
>
> I administer a debian installation that is connected to the Internet.
> When I run nmap, I found the following:
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-23 00:29 CET
> Interesting ports on xx
> (The 1657 ports scanned but not shown below are in state: closed)
> PORT    STATE SERVICE
> 22/tcp  open  ssh
> 25/tcp  open  smtp
> 80/tcp  open  http
> 111/tcp open  rpcbind
> 113/tcp open  auth
> 903/tcp open  iss-console-mgr
>
> 22,25,80 that are the ones I understand. But what are the other ones? Is
> it harmful to have them open?
>
> I run Debian Stable and apt-get upgrade tells me I am up-to-date.
>
> regards,
> Rutger
Re: Open ports in Debian
On 00:54 Wed 23 Nov , Rutger Wessels wrote:
> Hello,
>
> I administer a debian installation that is connected to the Internet.
> When I run nmap, I found the following:
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-23 00:29 CET
> Interesting ports on xx
> (The 1657 ports scanned but not shown below are in state: closed)
> PORT    STATE SERVICE
> 22/tcp  open  ssh
> 25/tcp  open  smtp
> 80/tcp  open  http
> 111/tcp open  rpcbind
> 113/tcp open  auth
> 903/tcp open  iss-console-mgr
>
> 22,25,80 that are the ones I understand. But what are the other ones? Is
> it harmful to have them open?

You can

    grep 113 /etc/services

and find many services.

Also you scanned 1657 ports with nmap. To scan more add the ports option:

    -p 20-65535
Re: Open ports in Debian
On Wed, 23 Nov 2005 00:54:13 +0100 Rutger Wessels <[EMAIL PROTECTED]> wrote:
> 113/tcp open auth

That's an 'ident' daemon I believe. _very_ primitive "security", some braindead IRC networks require it to be running and doubtlessly other things will require it too.

HTH
-ol

--
I will live forever, or die trying.
Open ports in Debian
Hello,

I administer a debian installation that is connected to the Internet. When I run nmap, I found the following:

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-23 00:29 CET
Interesting ports on xx
(The 1657 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
113/tcp open  auth
903/tcp open  iss-console-mgr

22,25,80 that are the ones I understand. But what are the other ones? Is it harmful to have them open?

I run Debian Stable and apt-get upgrade tells me I am up-to-date.

regards,
Rutger