James,

portsentry opens up lots of *fake* listening ports.  To confirm your open
ports you might want to:

kill portsentry
double check your inetd.conf
restart inetd  **make sure portsentry doesn't restart
do a netstat -an
scan your box from another box : i.e.
nmap -nsS -O <your ip> -p 1-65535 -oN <some file> -v
nmap -nsU -O <your ip> -p 1-65535 -oN <some file> -v

then,

restart portsentry
repeat the nmap scans

then,

compare your results.  use /etc/services as a port reference.

good luck.

dinger


On 21 Dec 2001, James Nobles wrote:

>
> Hmmm... I'm trying to set up some security on my box, having moved from
> dial-up to DSL. I'm using Red Hat 7.1 and I have portsentry running, set
> for ports 1-500 I believe? Also a simple set of iptables rules that turns
> off echoing and forwarding. I have edited the /etc/services file. Now...
> when I do netstat -a I get the output below. Is this normal? All these tcp
> ports listening doesn't seem right, or is it? Thanks in advance.
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 *:1                     *:*                     LISTEN
> tcp        0      0 *:20034                 *:*                     LISTEN
> tcp        0      0 *:printer               *:*                     LISTEN
> tcp        0      0 *:32771                 *:*                     LISTEN
> tcp        0      0 *:32772                 *:*                     LISTEN
> tcp        0      0 *:40421                 *:*                     LISTEN
> tcp        0      0 *:32773                 *:*                     LISTEN
> tcp        0      0 *:32774                 *:*                     LISTEN
> tcp        0      0 *:31337                 *:*                     LISTEN
> tcp        0      0 *:6667                  *:*                     LISTEN
> tcp        0      0 *:11                    *:*                     LISTEN
> tcp        0      0 *:5742                  *:*                     LISTEN
> tcp        0      0 *:143                   *:*                     LISTEN
> tcp        0      0 *:netstat               *:*                     LISTEN
> tcp        0      0 *:x11                   *:*                     LISTEN
> tcp        0      0 *:54320                 *:*                     LISTEN
> tcp        0      0 *:2000                  *:*                     LISTEN
> tcp        0      0 *:1524                  *:*                     LISTEN
> tcp        0      0 *:socks                 *:*                     LISTEN
> tcp        0      0 *:12345                 *:*                     LISTEN
> tcp        0      0 *:12346                 *:*                     LISTEN
> tcp        0      0 *:635                   *:*                     LISTEN
> tcp        0      0 *:49724                 *:*                     LISTEN
> tcp        0      0 *:uucp                  *:*                     LISTEN
> udp        0      0 *:640                   *:*
> udp        0      0 *:641                   *:*
> udp        0      0 *:who                   *:*
> udp        0      0 *:1                     *:*
> udp        0      0 *:32770                 *:*
> udp        0      0 *:32771                 *:*
> udp        0      0 *:32772                 *:*
> udp        0      0 *:32773                 *:*
> udp        0      0 *:32774                 *:*
> udp        0      0 *:54321                 *:*
> udp        0      0 *:700                   *:*
> udp        0      0 *:31337                 *:*
> udp        0      0 *:635                   *:*
> raw        0      0 *:tcp                   *:*                     7
> raw        0      0 *:udp                   *:*                     7
>
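
An added example, not part of the original messages: one way to do the "compare your results" step from the reply, by diffing the two nmap -oN files (portsentry stopped vs. running). The function names and the sample scans are constructed for illustration and are not results from the poster's machine.

```python
import re

# A port line in nmap normal (-oN) output, e.g. "143/tcp   open   imap2"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s*(\S*)")

def open_ports(nmap_text):
    """Return {(port, proto): service} for every port nmap reported as open."""
    ports = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            ports[(int(m.group(1)), m.group(2))] = m.group(4) or "unknown"
    return ports

def compare(baseline_text, portsentry_text):
    """Split scan results into real services and portsentry-only listeners."""
    base, after = open_ports(baseline_text), open_ports(portsentry_text)
    return {
        "real": sorted(base),                       # open with portsentry stopped
        "decoy": sorted(set(after) - set(base)),    # appear only while portsentry runs
        "missing": sorted(set(base) - set(after)),  # open before, not seen after: re-check
    }

# Constructed sample scans (hypothetical, for illustration only).
BASELINE = """\
# nmap scan with portsentry stopped (constructed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
113/tcp    closed      auth
"""
WITH_PORTSENTRY = """\
# nmap scan with portsentry running (constructed)
Port       State       Service
1/tcp      open        tcpmux
22/tcp     open        ssh
25/tcp     open        smtp
143/tcp    open        imap2
31337/tcp  open        Elite
"""

if __name__ == "__main__":
    for kind, ports in compare(BASELINE, WITH_PORTSENTRY).items():
        print(kind, ", ".join(f"{p}/{proto}" for p, proto in ports) or "-")
```

Anything listed under "real" is a service to account for in inetd.conf or the init scripts; "decoy" entries are the listeners that exist only while portsentry is running.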
