[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Cobalt RaQ3 ports
- Subject: Re: [cobalt-security] Cobalt RaQ3 ports
- From: Bill Irwin <bill_irwin@xxxxxxxx>
- Date: Fri, 04 May 2001 14:46:35 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Aleksey,
Port 444 is needed for the GUI webadmin.
Port 617 is used by one of the backup clients.
If you were hacked, most likely it came from the BIND vulnerability.
I've seen an increase in reports of hacks from this vulnerability in
this week (since May Day attacks started). Most people were probably
already hacked, but didn't know till this week.
If you are co-locating the server, try to find out if the ISP installed
the patches. If they didn't, they would be the ones responsible. If its
your machine, then you would be responsible.
Hope this helps.
Aleksey Udovydchenko wrote:
>
> Ports 444, 617, 7937, 7938 of my Cobalt RaQ3 server are opened. Is it
> safe? Are they necessary for work? I'm a newbie and don't know
> meaning all of this abbreviations, I can guess ftp on 21 for file
> transfering, 80 and 81 for web stuff but have no idea do I really need
> all other ports higher than 143?
> Recently my web site was attacked and I need to determine is it
> because of opened ports or its leaking of information. My ISP blames
> only me as they tell that web site totally secure and there is no way
> for any attacks exept stealing passwords from web site owners.
>
> Thanks a lot,
> Aleksey
--
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.