[K12OSN] Security Concerns
Stephen Smoogen
smoogen at lanl.gov
Wed Jul 28 18:06:17 UTC 2004
On Wed, 28 Jul 2004, Rick O'Dell wrote:
> Sorry if this runs twice......
> I ran nmap localhost on a ltsp4.01 machine (Mail Server), Postfix,
>Mail Scanner, ClamAV, Openwebmail. Some of the results I don't understand.
>"rpcbind on port 111, ipp on port 631, rpc3 on port 32770, rpc5 on port
>32771." Are these ports legitimate, do I need them to be running, or has
>someone been playing with my server??????
All of those look legit for a diskless server on its inside network (if
LTSP is still using the setup it did in 2001). Seeing it on the outside
network (the part facing the internet) it is a concern because all of
those are 'untrustable' services.
rpcbind is portmap and is needed for NFS
ipp is cups and needed for printing.
rpc3/5 are probably the mount points.
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- "We cannot have a free government without elections; and if the
-- rebellion could force us to forgo, or postpone, a national election,
-- it might fairly claim to have already conquered us." Abraham Lincoln
More information about the K12OSN
mailing list