Are the following open ports a danger?
Graeme Nichols
gnichols at tpg.com.au
Sun Aug 15 05:18:46 UTC 2004
On Wed, 2004-08-11 at 01:23, jludwig wrote:
> On Tue, 2004-08-10 at 02:18, Graeme Nichols wrote:
> > Manuel Arostegui Ramirez wrote:
> >
> > > --- Chris Hewitt <rhil at manordata.uklinux.net>
> > > wrote:
> > >
> > > >>On Mon, 2004-08-09 at 04:16, Graeme Nichols wrote:
> > > >>
> > > >>>Hello Folks, I have just become aware of a utility, nmap, to discover
> > > >>>open ports on my system. The output of the run is as follows:-
> > > >>>
> > > >>>[graeme at barney graeme]$ sudo nmap -sS -O barney
> > > >>>
> > > >>>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-09 13:07 EST
> > > >>>Interesting ports on barney.localdomain (192.168.1.1):
> > > >>>(The 1637 ports scanned but not shown below are in state: closed)
> > >>>PORT STATE SERVICE
> > >>>1/tcp open tcpmux
> > >>>11/tcp open systat
> > >>>15/tcp open netstat
> > >>>22/tcp open ssh
> > >>>111/tcp open rpcbind
> > >>>143/tcp open imap
> > >>>540/tcp open uucp
> > >>>635/tcp open unknown
> > >>>1024/tcp open kdm
> > >>>1080/tcp open socks
> > >>>1524/tcp open ingreslock
> > >>>2000/tcp open callbook
> > >>>6667/tcp open irc
> > >>>10000/tcp open snet-sensor-mgmt
> > >>>12345/tcp open NetBus
> > >>>12346/tcp open NetBus
> > >>>31337/tcp open Elite
> > >>>32771/tcp open sometimes-rpc5
> > >>>32772/tcp open sometimes-rpc7
> > >>>32773/tcp open sometimes-rpc9
> > >>>32774/tcp open sometimes-rpc11
> > >>>54320/tcp open bo2k
> > >>>Device type: general purpose
> > >>>Running: Linux 2.4.X|2.5.X
> > > >>>OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> > > >>>Uptime 0.056 days (since Mon Aug 9 11:47:15 2004)
> > > >>>
> > > >>>Nmap run completed -- 1 IP address (1 host up) scanned in 6.560 seconds
> > > >>>
> > > >>>Are any of the above open ports posing a danger that I should close?
> > > >>>
> > > >>>My apologies for a dumb question but iptables is not my forte I'm
> > > >>>afraid. BTW, nmap got my system wrong, it's FC2 on kernel 2.6.6
> > > >>
> > >>Graeme,
> > >>
> > >
> > >
> > > 12345/tcp open NetBus
> > > 12346/tcp open NetBus
> > >
> > > Have you got a firewall running?
> >
> > Hi Manuel, thanks. Yes, I have iptables running and thought I had all
> > blocked from outside except ssh, mail and web browsing. I used the
> > graphical utility that comes with FC2. Doesn't look like it does a very
> > competent job :-)
> All you need to have running on a private box is possibly ssh.
>
> When a daemon is run it listens to "answer" a request.
>
> If you have a server, like mail, then it must be running; otherwise turn
> all port servers off that don't need to be running.
>
> Second, put up a good firewall, something like:
>
> 1) Set all policies to reject.
> # a chain policy can only be ACCEPT or DROP; REJECT is valid only as a rule target
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> 2) iptables -I INPUT -i eth0 -m state --state \
> ! ESTABLISHED,RELATED -j REJECT
>
> 3) iptables -I FORWARD -i eth0 -m state \
> --state ! ESTABLISHED,RELATED -j REJECT
>
> etc
>
> (SEE http://www.linuxguruz.com/ )
Thanks Ludwig, appreciate your help.
--
----------------------------------------------------------------------
Kind regards, Graeme Nichols.
----------------------------------------------------------------------
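
An added example, not part of the original thread: a shell function that reads nmap output in the format quoted above and lists every open port that is not on an allow-list, the triage step behind the advice to turn off everything that doesn't need to be running. The names `unexpected_ports` and `sample_scan` and the `8080/tcp filtered` row are assumptions made for illustration; the other sample rows are copied from the scan in the post.

```shell
#!/bin/sh
# Added example: compare nmap's port table against an allow-list.

# unexpected_ports ALLOWED < nmap_output
#   ALLOWED is a comma-separated list; an entry is either a bare port ("22")
#   or port/protocol ("22/tcp"). Prints "port/proto service" for every port
#   that nmap reports as open and that is not on the list.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Port rows look like "22/tcp open ssh"; banner, OS and uptime
        # lines do not match the first-field pattern and are skipped.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, p, "/")
            if (!(($1 in ok) || (p[1] in ok))) print $1, $3
        }'
}

# Excerpt of the scan quoted in the post, plus one constructed
# "filtered" row to show that non-open states are ignored.
sample_scan() {
    cat <<'EOF'
Interesting ports on barney.localdomain (192.168.1.1):
(The 1637 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
1/tcp open tcpmux
22/tcp open ssh
111/tcp open rpcbind
143/tcp open imap
12345/tcp open NetBus
31337/tcp open Elite
8080/tcp filtered http-proxy
EOF
}

# The reply suggests a private box needs "possibly ssh", so allow only 22.
# Each port printed here is one to trace back to the daemon that owns it
# (for example with `netstat -tlnp` run as root on the host itself).
sample_scan | unexpected_ports 22
```

On a live host, pipe the real scan in instead of `sample_scan`, for example `sudo nmap -sS barney | unexpected_ports 22`.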