Are the following open ports a danger?

Graeme Nichols gnichols at tpg.com.au
Sun Aug 15 05:18:46 UTC 2004


On Wed, 2004-08-11 at 01:23, jludwig wrote:
> On Tue, 2004-08-10 at 02:18, Graeme Nichols wrote:
> > Manuel Arostegui Ramirez wrote:
> > 
> > >  --- Chris Hewitt <rhil at manordata.uklinux.net> wrote:
> > > 
> > >>On Mon, 2004-08-09 at 04:16, Graeme Nichols wrote:
> > >>
> > >>>Hello Folks, I have just become aware of a utility, nmap, to discover
> > >>>open ports on my system. The output of the run is as follows:-
> > >>>[graeme at barney graeme]$ sudo nmap -sS -O barney
> > >>> 
> > >>>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-09 13:07 EST
> > >>>Interesting ports on barney.localdomain (192.168.1.1):
> > >>>(The 1637 ports scanned but not shown below are in state: closed)
> > >>
> > >>>PORT      STATE SERVICE
> > >>>1/tcp     open  tcpmux
> > >>>11/tcp    open  systat
> > >>>15/tcp    open  netstat
> > >>>22/tcp    open  ssh
> > >>>111/tcp   open  rpcbind
> > >>>143/tcp   open  imap
> > >>>540/tcp   open  uucp
> > >>>635/tcp   open  unknown
> > >>>1024/tcp  open  kdm
> > >>>1080/tcp  open  socks
> > >>>1524/tcp  open  ingreslock
> > >>>2000/tcp  open  callbook
> > >>>6667/tcp  open  irc
> > >>>10000/tcp open  snet-sensor-mgmt
> > >>>12345/tcp open  NetBus
> > >>>12346/tcp open  NetBus
> > >>>31337/tcp open  Elite
> > >>>32771/tcp open  sometimes-rpc5
> > >>>32772/tcp open  sometimes-rpc7
> > >>>32773/tcp open  sometimes-rpc9
> > >>>32774/tcp open  sometimes-rpc11
> > >>>54320/tcp open  bo2k
> > >>>Device type: general purpose
> > >>>Running: Linux 2.4.X|2.5.X
> > >>>OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> > >>>Uptime 0.056 days (since Mon Aug  9 11:47:15 2004)
> > >>> 
> > >>>Nmap run completed -- 1 IP address (1 host up) scanned in 6.560 seconds
> > >>>Are any of the above open ports posing a danger that I should close?
> > >>>My apologies for a dumb question but iptables is not my forte I'm
> > >>>afraid. BTW, nmap got my system wrong, it's FC2 on kernel 2.6.6
> > >>
> > >>Graeme,
> > >>
> > > 
> > > 
> > > 12345/tcp open  NetBus
> > > 12346/tcp open  NetBus
> > > 
> > > Have you got a firewall running? 
> > 
> > Hi Manuel, thanks. Yes, I have iptables running and thought I had all 
> > blocked from outside except ssh, mail and web browsing. I used the 
> > graphical utility that comes with FC2. Doesn't look like it does a very 
> > competent job :-)
> All you need to have running on a private box is possibly ssh.
> 
> When a daemon is run it listens to "answer" a request. 
> 
> If you have a server, like mail then it must be running, otherwise turn
> all port servers off that don't need to be running.
> 
> Second, put up a good firewall, something like:
> 
> 1) Set all policies to reject.
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
> 
> 2) iptables -I INPUT -i eth0 -m state --state \
> ! ESTABLISHED,RELATED -j REJECT
> 
> 3) iptables -I FORWARD -i eth0 -m state\
>  --state ! ESTABLISHED,RELATED -j REJECT
> 
> etc
> 
> (SEE http://www.linuxguruz.com/ )

Thanks Ludwig, appreciate your help.

--
----------------------------------------------------------------------
Kind regards, Graeme Nichols.
----------------------------------------------------------------------
Please take note:
----------------------------------------------------------------------
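
An added example, not part of the original thread: it compares an nmap port table with the ports you mean to expose and prints a default-deny ruleset in `iptables-restore` format for review. The function names, the abridged sample scan and the choice to allow only port 22 with outbound traffic left open are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: only ssh (22/tcp) is meant
# to be reachable, and outbound traffic is left open (OUTPUT ACCEPT).

# Constructed sample: a subset of the scan lines quoted in the message above.
SAMPLE_SCAN='PORT      STATE SERVICE
1/tcp     open  tcpmux
22/tcp    open  ssh
111/tcp   open  rpcbind
143/tcp   open  imap
12345/tcp open  NetBus
31337/tcp open  Elite'

# unexpected_open "ALLOWED PORTS" < nmap-port-table
# Prints "port service" for each open TCP port missing from the allow-list.
unexpected_open() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) print p[1], $3
        }'
}

# ruleset "ALLOWED PORTS"
# Prints a default-deny filter table in iptables-restore format. Policies are
# DROP because a built-in chain policy accepts only ACCEPT or DROP; the last
# INPUT rule rejects whatever was not explicitly allowed.
ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in $1; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -j REJECT' 'COMMIT'
}

echo "Open but not on the allow-list:"
printf '%s\n' "$SAMPLE_SCAN" | unexpected_open "22"
echo "Ruleset to review before loading as root with iptables-restore:"
ruleset "22"
```

The scan in the thread was run on barney against its own address, and such traffic normally travels over the loopback interface, so it shows what is listening rather than what the firewall passes from outside. Repeat the scan from another machine to check the rules themselves.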





More information about the Redhat-install-list mailing list