Remember that scanners such as nmap do not by default scan all possible
ports, as that would be quite time consuming. It is a better idea to run
portsentry on common ports (check nmap's services file), or you will find
yourself with one damn big logfile quite fast.
Erik Tayler
On Wednesday 26
Hi,
This might be usefull for you
http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/
http://www.bastille-linux.org/
::dc::
David Correa RHCE CCNA
http://www.linux-tech.com
Remember that the system has 65536 virtual ports available, so I would
recommend running portsentry on ALL of the ports.
Robert Clark
MCSE, MCP+I, MCP, A+
MIS - Texas Cellular
> -Original Message-
> From: James Nobles [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 20, 2001 10:09
In-Reply-To: <[EMAIL PROTECTED]>
You might consider editing your /etc/inetd.conf
file, if you haven't done so.
To see what's using those ports, try using the
'lsof' command...others have also mentioned 'fuser'.
James,
portsentry opens up lots of *fake* listening ports. To confirm your open
ports you might want to:
kill portsentry
double check your inetd.conf
restart inetd **make sure portsentry doesn't restart
do a netstat -an
scan your box from another box : i.e.
nmap -nsS -O -p 1-65535 -oN -v
nma
*snip*
> below.Is this normal? All these tcp ports
> listening doesn't seem right or is it? Thanks in
> advance.
*snip*
That's all nice, but netstat output you provided is useless, since it
doesn't contain any useful information at all. All those ports could be
opened by simply anything. Try net
Hi,
> I have edited the /etc/services
> file.Now...when i do netstat -a i get the output
> below.Is this normal?
Why did you edit /etc/services ? It's just used for mapping
a name over a port number (like http --> 80). Its not used
for launching servers.
Edit /etc/inetd.conf instead. This
What programs do you have up and running? Port 6667 is for IRC chat and is
commonly used by IRC chat programs and by trojans that use IRC for
communication. Listening indicates that a program is acting as a server.
Make sure to close down all your internet chat programs and browsers and try
scan