On Fri, Jul 20, 2001 at 08:32:24PM +0300, Markku Kolkka wrote:
> On Friday 20. Julyta 2001 19:17, you wrote:
> > I have set up the firewall on a DNS server to HIGH & only open the UDP
> > port, but when I ask www.hackerwatch.org/probe to probe the system it
> > states that the following ports are open! 21,23,25,80,110,139,143,443
> > Is this correct and to be expected?
> 
> No, absolutely not. You shouldn't have telnet, FTP, WWW, mail and SMB servers 
> running on a machine supposed to be a DNS server. 
> 
> Are you sure the scan was on _your_ machine, not on your ISP's firewall? Did 
> you check the IP address reported by the scanner?
> 
> > How do I close the unwanted ports?
> 
> First, run chkconfig to see what services you are running, then shut down any 
> unnecessary ones. Even better, uninstall the packages you don't need.

Also install the lsof (list open files) rpm.
To see what servers are listening on internet ports RIGHT NOW, run
        lsof -i
It is extremely handy for double-checking.

> 
> > How do I make the system more secure (as secure as is reasonable for a DNS
> > server)?
> 
> I recommend Bastille-Linux (http://www.bastille-linux.org/) to set up your 
> firewall configuration and generally harden your system.
> 
> -- 
>       Markku Kolkka
>       [EMAIL PROTECTED]
> 
> 
> 
> _______________________________________________
> Seawolf-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/seawolf-list

-- 
Jan Carlson                                 janc at kubwa dot com
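
One way to script the lsof double-check suggested above, as an added example that is not part of the original thread. It assumes numeric output from `lsof -i -n -P`, treats only port 53 as expected on a DNS server, runs against a constructed sample, and the function name `unexpected_listeners` is hypothetical.

```shell
#!/bin/sh
# Added example: flag listening sockets that a DNS-only host should not have.
# Input is numeric `lsof -i -n -P` output; the function name is hypothetical.

unexpected_listeners() {
    # $1 = space-separated list of allowed ports, e.g. "53"
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        proto = ""; name = ""
        # Locate the protocol column; the socket address is the field after it.
        for (i = 1; i < NF; i++)
            if ($i == "TCP" || $i == "UDP") { proto = $i; name = $(i + 1); break }
        if (proto == "") next                          # header or non-socket line
        if (name ~ /->/) next                          # connected socket, not a listener
        if (proto == "TCP" && $NF != "(LISTEN)") next  # TCP must be in LISTEN state
        port = name; sub(/.*:/, "", port)              # "*:53" or "[::]:53" -> "53"
        key = $1 " " proto " " port
        if (!(port in ok) && !(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample output (not captured from a real host).
SAMPLE=$(cat <<'EOF'
COMMAND  PID  USER   FD  TYPE DEVICE SIZE NODE NAME
named    612  named  20u IPv4   1021      UDP  *:53
named    612  named  21u IPv4   1022      TCP  *:53 (LISTEN)
xinetd   701  root    5u IPv4   1130      TCP  *:21 (LISTEN)
xinetd   701  root    6u IPv4   1131      TCP  *:23 (LISTEN)
sendmail 745  root    4u IPv4   1204      TCP  *:25 (LISTEN)
httpd    803  root   16u IPv4   1310      TCP  *:80 (LISTEN)
httpd    803  root   17u IPv4   1311      TCP  192.0.2.10:80->198.51.100.7:40112 (ESTABLISHED)
EOF
)

# On a live system: lsof -i -n -P | unexpected_listeners "53"
printf '%s\n' "$SAMPLE" | unexpected_listeners "53"
```

Each line printed is a command, protocol and port to trace back to a service in the chkconfig listing and disable or uninstall.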


