Hello Guys,
I've just been studying my build here with netstat and found a few ports which are listening and I'm not convinced that they should be ;-) tcp 0 0 0.0.0.0:68 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN tcp 0 0 192.168.1.64:35760 192.168.1.66:83 TIME_WAIT tcp 0 0 192.168.1.64:35762 192.168.1.66:83 TIME_WAIT tcp 0 0 192.168.1.64:35757 192.168.1.66:83 TIME_WAIT tcp 0 0 192.168.1.64:35758 192.168.1.66:83 TIME_WAIT tcp 0 0 192.168.1.64:35759 192.168.1.66:83 TIME_WAIT tcp 0 0 192.168.1.64:35761 192.168.1.66:83 TIME_WAIT tcp6 0 0 :::53 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 1128 ::ffff:192.168.1.64:22 ::ffff:192.168.1.:51880 ESTABLISHED tcp6 0 0 ::ffff:192.168.1.64:22 ::ffff:192.168.1.:51877 ESTABLISHED Now, I see the established :22 connections at the bottom, these are quite expected, also the outbound connections on :63 to my test server, again I would expect these. However, :68, :111, :53, :1723 are all unknown to me. Do you recognise what any of these are for? Generally speaking I only require outside access to port 22, no other ports should be needed, is that correct? Or are some of these other ports required for vital services that I'm just not aware of? Can you guys recommend the best way to get these closed up? Just helps eliminate the vulnerabilities. Thanks, Robert
_______________________________________________ Voyage-linux mailing list [email protected] http://list.voyage.hk/mailman/listinfo/voyage-linux
