Re: [gentoo-user] Open ports question

2003-03-14 Thread Norberto BENSA
On Saturday 15 March 2003 12:30 am, Corey Melanson wrote:
> I also have sympatico and run a mail server. What they have done as far
> as I know is blocked all outgoing smtp unless it's going through their
> servers. 

Nope. Fibertel blocked INCOMING connections. Bah. I don't care much about 'em
now...

Regards,
Norberto





Re: [gentoo-user] Open ports question

2003-03-14 Thread Nicholas Hockey
try this as root: lsof | grep -i listen
then you'll have the names of the processes opening certain ports

On Thu, 2003-03-13 at 09:40, Pius Lee wrote:
> Hi, I recently used nmap to portscan my machine from another pc and 
> found that i've got the following ports open:
> 
> 22 (ssh)
> 25 (smtp)
> 113 (pop-3)
> 
> Now, I'm very sure that I only started the sshd daemon and I DON'T even 
> have an smtp/pop3/any kind of mail server installed. Running "netstat -l 
> -p --inet" gives:
> 
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
> tcp        0      0 *:sunrpc        *:*             LISTEN  5168/portmap
> tcp        0      0 localhost:731   *:*             LISTEN  5219/fam
> udp        0      0 *:sunrpc        *:*                     5168/portmap
> tcp        0      0 *:ssh           *:*             LISTEN  6564/sshd
> 
> 
> I don't see port 25 or 113 open, but why does nmap list them as so? 
> Blocking the ports with iptables would probably solve the problem, but 
> to get to the root of it, would tracking the daemons responsible for 
> opening them be a better solution? How should I go about doing it then?
> 
> Thanks for all comments and feedback!
> 
> 
> --
> [EMAIL PROTECTED] mailing list
-- 
Nicholas Hockey (Tilt) <[EMAIL PROTECTED]>
Unix Administrator
Encrypted E-Mail is preferred..
 
GnuPG KeyID 4EDE2B84
Key fingerprint = B916 6032 BE3D 490D 2A08  F1BC 948A A4C1 4EDE 2B84
HKP: gpg --keyserver pgp.mit.edu --recv-keys 4EDE2B84
LDAP: gpg --keyserver ldap://keyserver.pgp.com --recv-keys 4EDE2B84



--
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Open ports question

2003-03-14 Thread Corey Melanson
I also have sympatico and run a mail server. What they have done as far as I 
know is blocked all outgoing smtp unless it's going through their servers. 
What you can do to cope with this is to set your mail server to relay through 
the smtp server they assigned you, smtp1.sympatico.ca for me. 
In qmail you just add the smtp1.sympatico.ca to the 
/var/qmail/control/smtproutes file and it'll work like it should. Me and my 
friends do this and it works fine. Hope this helps.

Corey

On March 13, 2003 09:23 pm, Norberto BENSA wrote:
> On Thursday 13 March 2003 10:53 pm, leeweiqi wrote:
> > So, does that mean that the port is not open by me but rather it's my isp
> > who opened the port? Would this be a security breach on my machine?
> > Thanks for everyone's help man.
>
> No security risk, but you can't run your own smtp server either, which IMHO
> just plain sucks (www.fibertel.com.ar does that here in Argentina... I told
> them to cancel my account almost a year ago.)
>
> Regards,
> Norberto





Re: [gentoo-user] Open ports question

2003-03-14 Thread Paul de Vrieze
On Friday 14 March 2003 01:24, leeweiqi wrote:
> Yup, starting portmap opens port 111/tcp. should i block this port using
> iptables?

Yes, you should. In general there is no reason to support remote access to the 
portmapper. (That is unless you really wish to offer nis/yp or nfs to the 
outside world)

Paul

-- 
Paul de Vrieze
Researcher
Mail: [EMAIL PROTECTED]
Homepage: http://www.devrieze.net




Re: [gentoo-user] Open ports question

2003-03-13 Thread leeweiqi
Haha. ok, just glad that it's not a breach in my system security.

--- Norberto BENSA <[EMAIL PROTECTED]> wrote:

> On Thursday 13 March 2003 10:53 pm, leeweiqi wrote:
> > So, does that mean that the port is not open by me but rather it's
> my isp
> > who opened the port? Would this be a security breach on my
> machine? Thanks
> > for everyone's help man.
> 
> No security risk, but you can't run your own smtp server either,
> which IMHO 
> just plain sucks (www.fibertel.com.ar does that here in Argentina...
> I told 
> them to cancel my account almost a year ago.)
> 
> Regards,
> Norberto
> 
> 




Re: [gentoo-user] Open ports question

2003-03-13 Thread Norberto BENSA
On Thursday 13 March 2003 10:53 pm, leeweiqi wrote:
> So, does that mean that the port is not open by me but rather it's my isp
> who opened the port? Would this be a security breach on my machine? Thanks
> for everyone's help man.

No security risk, but you can't run your own smtp server either, which IMHO 
just plain sucks (www.fibertel.com.ar does that here in Argentina... I told 
them to cancel my account almost a year ago.)

Regards,
Norberto





Re: [gentoo-user] Open ports question

2003-03-13 Thread leeweiqi
So, does that mean that the port is not open by me but rather it's my isp who opened 
the port? Would this be a security breach on my machine? Thanks for everyone's help 
man.

--- Sean Higgins <[EMAIL PROTECTED]> wrote:

> 
> Hello,
> 
> I tried telnetting and here is what I got:
> 
> $ telnet 210.193.25.172 25
> Trying 210.193.25.172...
> Connected to 210.193.25.172.
> Escape character is '^]'.
> 220 tomts15.bellnexxia.net ESMTP server (InterMail vM.5.01.04.19 
> 201-253-122-122-119-20020516) ready Thu, 13 Mar 2003 20:25:05 -0500
> quit
> 221 tomts15-srv.bellnexxia.net ESMTP server closing connection
> 
> You can see your ISP is filtering port 25.  I have seen other ISPs do
> this in 
> an attempt to stop spam...
> 
>Sean
> 
> On March 13, 2003 07:38 pm, leeweiqi wrote:
> > Ok...telnetting from an outside machine  (210.193.25.172 is my host
> ip):
> >
> > [EMAIL PROTECTED] sysconfig]# telnet 210.193.25.172 25
> > Trying 210.193.25.172...
> > telnet: connect to address 210.193.25.172: No route to host
> >
> > Does that mean no one can connect to port 25 on my machine then?
> >
> > --- Paul de Vrieze <[EMAIL PROTECTED]> wrote:
> > > On Thursday 13 March 2003 15:56, Pius Lee wrote:
> > > > I'm not too sure bout that...how can I find out? Sounds
> evil...
> > >
> > > Just try to telnet to your host on those ports from an outside
> > > machine.
> > >
> > > Paul
> > >
> > > --
> > > Paul de Vrieze
> > > Researcher
> > > Mail: [EMAIL PROTECTED]
> > > Homepage: http://www.devrieze.net
> >
> > --
> > [EMAIL PROTECTED] mailing list
> 




Re: [gentoo-user] Open ports question

2003-03-13 Thread Sean Higgins

Hello,

I tried telnetting and here is what I got:

$ telnet 210.193.25.172 25
Trying 210.193.25.172...
Connected to 210.193.25.172.
Escape character is '^]'.
220 tomts15.bellnexxia.net ESMTP server (InterMail vM.5.01.04.19 
201-253-122-122-119-20020516) ready Thu, 13 Mar 2003 20:25:05 -0500
quit
221 tomts15-srv.bellnexxia.net ESMTP server closing connection

You can see your ISP is filtering port 25.  I have seen other ISPs do this in 
an attempt to stop spam...

   Sean

On March 13, 2003 07:38 pm, leeweiqi wrote:
> Ok...telnetting from an outside machine  (210.193.25.172 is my host ip):
>
> [EMAIL PROTECTED] sysconfig]# telnet 210.193.25.172 25
> Trying 210.193.25.172...
> telnet: connect to address 210.193.25.172: No route to host
>
> Does that mean no one can connect to port 25 on my machine then?
>
> --- Paul de Vrieze <[EMAIL PROTECTED]> wrote:
> > On Thursday 13 March 2003 15:56, Pius Lee wrote:
> > > I'm not too sure bout that...how can I find out? Sounds evil...
> >
> > Just try to telnet to your host on those ports from an outside
> > machine.
> >
> > Paul
> >
> > --
> > Paul de Vrieze
> > Researcher
> > Mail: [EMAIL PROTECTED]
> > Homepage: http://www.devrieze.net
>
> --
> [EMAIL PROTECTED] mailing list


--
[EMAIL PROTECTED] mailing list
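
The comparison this thread works through by hand, as an added example that is not part of any post: ports an outside scan reports open are set against the sockets the host is actually listening on, so ports answered by something upstream (here the ISP's mail relay) stand out. `SERVICES`, `port_number`, `tcp_listeners` and `compare` are names made up for this sketch; the listener table is the one posted in the thread with its columns restored, and the outside view is the first nmap result (22, 25, 113).

```python
import socket

# Constructed sample: the listener table posted in the thread, columns restored.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 *:sunrpc        *:*             LISTEN  5168/portmap
tcp        0      0 localhost:731   *:*             LISTEN  5219/fam
udp        0      0 *:sunrpc        *:*                     5168/portmap
tcp        0      0 *:ssh           *:*             LISTEN  6564/sshd
"""

# Without -n, netstat prints service names; these cover the names in the sample.
SERVICES = {"ssh": 22, "smtp": 25, "sunrpc": 111, "auth": 113}
LOOPBACK = ("localhost", "127.", "::1")


def port_number(name):
    """Resolve a numeric or named port; fall back to the system services file."""
    if name.isdigit():
        return int(name)
    return SERVICES.get(name) or socket.getservbyname(name, "tcp")


def tcp_listeners(netstat_text):
    """Return {port: (bind_address, 'pid/program')} for TCP LISTEN sockets."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "tcp" and fields[5] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            found[port_number(port)] = (addr, fields[6] if len(fields) > 6 else "?")
    return found


def compare(netstat_text, open_from_outside):
    """Split ports by who can be answering: this host, or a device upstream."""
    listeners = tcp_listeners(netstat_text)
    exposed = {p for p, (addr, _) in listeners.items() if not addr.startswith(LOOPBACK)}
    seen = set(open_from_outside)
    return {
        "answered_upstream": sorted(seen - exposed),        # no reachable local daemon
        "confirmed_local": sorted(seen & exposed),
        "listening_not_seen": sorted(exposed - seen),       # blocked or not scanned
        "loopback_only": sorted(set(listeners) - exposed),  # unreachable remotely
    }


if __name__ == "__main__":
    # Outside view: the ports the first nmap run in the thread reported open.
    for label, ports in compare(NETSTAT, [22, 25, 113]).items():
        print(f"{label}: {ports}")
```
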



Re: [gentoo-user] Open ports question

2003-03-13 Thread leeweiqi
Ok...telnetting from an outside machine  (210.193.25.172 is my host ip):

[EMAIL PROTECTED] sysconfig]# telnet 210.193.25.172 25
Trying 210.193.25.172...
telnet: connect to address 210.193.25.172: No route to host

Does that mean no one can connect to port 25 on my machine then?

--- Paul de Vrieze <[EMAIL PROTECTED]> wrote:

> On Thursday 13 March 2003 15:56, Pius Lee wrote:
> > I'm not too sure bout that...how can I find out? Sounds evil...
> >
> 
> Just try to telnet to your host on those ports from an outside
> machine. 
> 
> Paul
> 
> -- 
> Paul de Vrieze
> Researcher
> Mail: [EMAIL PROTECTED]
> Homepage: http://www.devrieze.net
> 




Re: [gentoo-user] Open ports question

2003-03-13 Thread leeweiqi
Yup, starting portmap opens port 111/tcp. should i block this port using iptables?

--- Spider <[EMAIL PROTECTED]> wrote:

> begin  quote
> On Thu, 13 Mar 2003 22:40:25 +0800
> Pius Lee <[EMAIL PROTECTED]> wrote:
> 
> use "lsof -i"  instead of nmap and you can know what it is that
> does
> what, instead of knowing something is open.
> 
> but, "fam" (file alteration monitor) speeds up the listing of files
> +
> updates of them if you have KDE or Gnome, and that in  turn starts
> Portmap (the sunrpc client) 
> 
> 
> //Spider
> 
> 
> > Hi, I recently used nmap to portscan my machine from another pc
> and 
> > found that i've got the following ports open:
> > 
> > 22 (ssh)
> > 25 (smtp)
> > 113 (pop-3)
> > 
> > I don't see port 25 or 113 open, but why does nmap list them as
> so? 
> > Blocking the ports with iptables would probably solve the problem,
> but
> > 
> > to get to the root of it, would tracking the daemons responsible
> for 
> > opening them be a better solution? How should I go about doing it
> > then?
> > 
> 
> 
> --
> begin  .signature
> This is a .signature virus! Please copy me into your .signature!
> See Microsoft KB Article Q265230 for more information.
> end
> 




Re: [gentoo-user] Open ports question

2003-03-13 Thread leeweiqi
Ok, I tried again today. now nmap from a remote pc gives:
Port       State       Service
22/tcp     open        ssh
25/tcp     filtered    smtp

No more port 113! And what does the "filtered" mean?

lsof|grep LISTEN gives:
sshd  5586  root  3u  IPv4  7621  TCP *:ssh (LISTEN)
Which proves i'm not opening port 25 right?

--- mikepolniak <[EMAIL PROTECTED]> wrote:

> On 22:40 Thu 13 Mar , Pius Lee wrote:
> > Hi, I recently used nmap to portscan my machine from another pc
> and 
> > found that i've got the following ports open:
> > 
> > 22 (ssh)
> > 25 (smtp)
> > 113 (pop-3)
> > 
> > Now, I'm very sure that I only started the sshd daemon and I DON'T
> even 
> > have an smtp/pop3/any kind of mail server installed. 
> > 
> > 
> > I don't see port 25 or 113 open, but why does nmap list them as
> so? 
>  
> 
> Run lsof|grep LISTEN
> 
> --
> [EMAIL PROTECTED] mailing list
> 

--
[EMAIL PROTECTED] mailing list
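
On the "filtered" state asked about above, an added example that is not part of any post in the thread: a plain TCP connect has three outcomes, and a scanner's open / closed / filtered labels map onto them, with the telnet error "No route to host" seen elsewhere in this thread falling in the filtered group. `classify` and `probe` are hypothetical helper names; `probe` also reads the greeting, which is how the telnet test in the thread showed an ISP mail server answering on port 25.

```python
import errno
import socket

# connect() errors that mean a device on the path dropped or rejected the probe.
FILTER_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT}


def classify(exc):
    """Map a connect() outcome to the state a port scanner would report."""
    if exc is None:
        return "open"          # handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # target answered with RST: reachable, no listener
    if isinstance(exc, socket.timeout) or exc.errno in FILTER_ERRNOS:
        return "filtered"      # silence or ICMP unreachable instead of an answer
    return "unknown"


def probe(host, port, timeout=3.0):
    """Return (state, banner); the banner shows which server actually answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                banner = sock.recv(256).decode("ascii", "replace").strip()
            except OSError:    # open, but the service sent no greeting in time
                banner = ""
            return classify(None), banner
    except OSError as exc:
        return classify(exc), ""


if __name__ == "__main__":
    # Constructed errors standing in for the outcomes seen in the thread.
    no_route = OSError(errno.EHOSTUNREACH, "No route to host")
    print(classify(no_route), classify(ConnectionRefusedError()), classify(None))
```

A banner naming a host other than your own on a port where `lsof` shows no listener means the connection is being terminated upstream, not on your machine.
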



Re: [gentoo-user] Open ports question

2003-03-13 Thread Spider
begin  quote
On Thu, 13 Mar 2003 22:40:25 +0800
Pius Lee <[EMAIL PROTECTED]> wrote:

use "lsof -i"  instead of nmap and you can know what it is that does
what, instead of knowing something is open.

but, "fam" (file alteration monitor) speeds up the listing of files +
updates of them if you have KDE or Gnome, and that in  turn starts
Portmap (the sunrpc client) 


//Spider


> Hi, I recently used nmap to portscan my machine from another pc and 
> found that i've got the following ports open:
> 
> 22 (ssh)
> 25 (smtp)
> 113 (pop-3)
> 
> Now, I'm very sure that I only started the sshd daemon and I DON'T
> even have an smtp/pop3/any kind of mail server installed. Running
> "netstat -l -p --inet" gives:
> 
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
> tcp        0      0 *:sunrpc        *:*             LISTEN  5168/portmap
> tcp        0      0 localhost:731   *:*             LISTEN  5219/fam
> udp        0      0 *:sunrpc        *:*                     5168/portmap
> tcp        0      0 *:ssh           *:*             LISTEN  6564/sshd
> 
> 
> I don't see port 25 or 113 open, but why does nmap list them as so? 
> Blocking the ports with iptables would probably solve the problem, but
> 
> to get to the root of it, would tracking the daemons responsible for 
> opening them be a better solution? How should I go about doing it
> then?
> 


--
begin  .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end




Re: [gentoo-user] Open ports question

2003-03-13 Thread Paul de Vrieze
On Thursday 13 March 2003 15:56, Pius Lee wrote:
> I'm not too sure bout that...how can I find out? Sounds evil...
>

Just try to telnet to your host on those ports from an outside machine. 

Paul

-- 
Paul de Vrieze
Researcher
Mail: [EMAIL PROTECTED]
Homepage: http://www.devrieze.net




Re: [gentoo-user] Open ports question

2003-03-13 Thread mikepolniak
On 22:40 Thu 13 Mar , Pius Lee wrote:
> Hi, I recently used nmap to portscan my machine from another pc and 
> found that i've got the following ports open:
> 
> 22 (ssh)
> 25 (smtp)
> 113 (pop-3)
> 
> Now, I'm very sure that I only started the sshd daemon and I DON'T even 
> have an smtp/pop3/any kind of mail server installed. Running "netstat -l 
> -p --inet" gives:
> 
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
> tcp        0      0 *:sunrpc        *:*             LISTEN  5168/portmap
> tcp        0      0 localhost:731   *:*             LISTEN  5219/fam
> udp        0      0 *:sunrpc        *:*                     5168/portmap
> tcp        0      0 *:ssh           *:*             LISTEN  6564/sshd
> 
> 
> I don't see port 25 or 113 open, but why does nmap list them as so? 
> Blocking the ports with iptables would probably solve the problem, but 
> to get to the root of it, would tracking the daemons responsible for 
> opening them be a better solution? How should I go about doing it then?
 

Run lsof|grep LISTEN




Re: [gentoo-user] Open ports question

2003-03-13 Thread Pius Lee
I'm not too sure bout that...how can I find out? Sounds evil...

Paul de Vrieze wrote:

> On Thursday 13 March 2003 15:40, Pius Lee wrote:
>
> > Hi, I recently used nmap to portscan my machine from another pc and
> > found that i've got the following ports open:
> > 22 (ssh)
> > 25 (smtp)
> > 113 (pop-3)
>
> Are you sure you don't have an ISP that fucks with your access, and redirects 
> the 25 and 113 ports to their own mail servers?
>
> Paul




Re: [gentoo-user] Open ports question

2003-03-13 Thread Arturo di Gioia
On Thu, 2003-03-13 at 15:40, Pius Lee wrote:
> Hi, I recently used nmap to portscan my machine from another pc and 
> found that i've got the following ports open:
> 
> 22 (ssh)
> 25 (smtp)
> 113 (pop-3)
> 

Stop your network interface and watch which services are automatically
stopped.
Restarting network and checking those services one by one you should
find which one listens on the pop3 and smtp ports.
You could use nmap from the target box without any problem even if the
network interface is down.

To stop network:
/etc/init.d/net.eth0 stop
To start network:
/etc/init.d/net.eth0 start
To start services:
/etc/init.d/servicename start




-- 
Arturo di Gioia <[EMAIL PROTECTED]>





Re: [gentoo-user] Open ports question

2003-03-13 Thread Paul de Vrieze
On Thursday 13 March 2003 15:40, Pius Lee wrote:
> Hi, I recently used nmap to portscan my machine from another pc and
> found that i've got the following ports open:
>
> 22 (ssh)
> 25 (smtp)
> 113 (pop-3)

Are you sure you don't have an ISP that fucks with your access, and redirects 
the 25 and 113 ports to their own mail servers?

Paul

-- 
Paul de Vrieze
Researcher
Mail: [EMAIL PROTECTED]
Homepage: http://www.cs.kun.nl/~pauldv




[gentoo-user] Open ports question

2003-03-13 Thread Pius Lee
Hi, I recently used nmap to portscan my machine from another pc and 
found that i've got the following ports open:

22 (ssh)
25 (smtp)
113 (pop-3)

Now, I'm very sure that I only started the sshd daemon and I DON'T even 
have an smtp/pop3/any kind of mail server installed. Running "netstat -l 
-p --inet" gives:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 *:sunrpc        *:*             LISTEN  5168/portmap
tcp        0      0 localhost:731   *:*             LISTEN  5219/fam
udp        0      0 *:sunrpc        *:*                     5168/portmap
tcp        0      0 *:ssh           *:*             LISTEN  6564/sshd

I don't see port 25 or 113 open, but why does nmap list them as so? 
Blocking the ports with iptables would probably solve the problem, but 
to get to the root of it, would tracking the daemons responsible for 
opening them be a better solution? How should I go about doing it then?

Thanks for all comments and feedback!
