
RE: [cobalt-security] /tmp/-v ?



With an active monitored firewall on another box, open ports on your cobalt
shouldn't really matter.

--
 Kind regards,
 Rob van Eijk
 www.blaeu.com

: -----Original Message-----
: From: cobalt-security-admin@xxxxxxxxxxxxxxx
: [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Graeme Fowler
: Sent: Tuesday, May 29, 2001 12:43 PM
: To: 'cobalt-security@xxxxxxxxxxxxxxx'
: Subject: RE: [cobalt-security] /tmp/-v ?
:
:
: Carrie (and list)
:
: > How do we stop the RaQ from listening to a port?
:
: Don't have a service running which listens to it. If the port's open, then
: something is listening; even if it is PortSentry.
: This is where the netstat command comes in useful. Try running:
:
: netstat -lnp
:
: which shows you listening ports and the process holding them open. And
: remember that editing inetd.conf isn't enough to close ports which it has
: opened; you have to restart inetd (either by sending it a SIGHUP or giving
: it a restart from /etc/rc.d/init.d/inetd)
:
: > I've got two things running in my inetd.conf... ftp and pop3.
: > Yet all of these other ports are open, even though I'm not running
: > this crap... and PortSentry has to bind to them because they're open.
:
: PortSentry is probably opening them itself!
:
: Take careful note that PortSentry has three distinct, different modes of
: operation. I suggest you have a read at
: http://www.psionic.com/abacus/portsentry/ and note the differences.
:
: Mode 1 - Classic:
: Binds to predefined ports and listens out for connections.
:
: Mode 2 - Enhanced:
: Similar to Mode 1, but uses a raw socket rather than binding to the ports.
:
: Mode 3 - Advanced (Stealth):
: At startup, portsentry notes what ports you already have open and ignores
: them. It then uses a raw socket to listen to the unused ports and acts as
: you configure it upon them. This mode can generate a huuuuge amount of data
: (most of which can be ignored).
:
: [ with regard to your original question about the file in /tmp, I bet
: someone - you? - ran a command which takes -v as an argument but by mistake
: you piped or redirected the output to your switch instead :) ]
:
: Detecting port scans is all very well IMHO but you're better off keeping
: (and excuse the metaphor & repetition here) your doors and windows shut in
: the first place by keeping your system up-to-date.
: The only way to make sure your machine isn't vulnerable to attack is by
: switching off services (as Carrie has tried to do) and keeping all your
: network-facing services as up-to-date and patched as is possible.
:
: Your machines are facing the internet; it's a hostile place.
:
: HTH
:
: Graeme
: --
: Graeme Fowler
: Systems Administrator
: Host Europe Group plc
: _______________________________________________
: cobalt-security mailing list
: cobalt-security@xxxxxxxxxxxxxxx
: http://list.cobalt.com/mailman/listinfo/cobalt-security
:
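
The check described in the quoted message (who holds each listening port, and whether inetd is still holding one that inetd.conf no longer enables), as an added example that is not part of the original thread. The sample netstat rows, PIDs, the `pop-3` service name and the verdict labels are constructed assumptions; on a real host feed it saved `netstat -lnp` output, `/etc/inetd.conf` and `/etc/services`.

```shell
#!/bin/sh
# Added example; all sample data below is constructed for illustration.
# classify_listeners NETSTAT_FILE INETD_CONF SERVICES_FILE
# Prints "port/proto owner verdict" for each listening socket.
classify_listeners() {
  awk '
    # services file: name -> "port/proto"
    FILENAME == ARGV[1] { if ($1 !~ /^#/ && NF >= 2) svc[$1] = $2; next }
    # inetd.conf: uncommented entries are the ones meant to be listening
    FILENAME == ARGV[2] { if ($1 !~ /^#/ && NF >= 6 && ($1 in svc)) enabled[svc[$1]] = 1; next }
    # netstat -lnp rows: local address is $4, PID/program is the last field
    $1 == "tcp" || $1 == "udp" {
      n = split($4, a, ":"); key = a[n] "/" $1
      owner = $NF; sub(/^[0-9]+\//, "", owner)
      verdict = "standalone-daemon"
      if (owner == "portsentry") verdict = "bound-by-portsentry"
      if (owner == "inetd") verdict = (key in enabled) ? "enabled-in-inetd.conf" : "stale-restart-inetd"
      print key, owner, verdict
    }
  ' "$3" "$2" "$1"
}

# run_sample: write constructed sample files to a temp dir and classify them.
run_sample() {
  d=$(mktemp -d) || return 1
  cat > "$d/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:21      0.0.0.0:*        LISTEN  412/inetd
tcp        0      0 0.0.0.0:110     0.0.0.0:*        LISTEN  412/inetd
tcp        0      0 0.0.0.0:23      0.0.0.0:*        LISTEN  412/inetd
tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN  301/sshd
tcp        0      0 0.0.0.0:1524    0.0.0.0:*        LISTEN  530/portsentry
udp        0      0 0.0.0.0:69      0.0.0.0:*                530/portsentry
EOF
  cat > "$d/inetd.conf" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
pop-3   stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
EOF
  cat > "$d/services" <<'EOF'
ftp      21/tcp
telnet   23/tcp
pop-3    110/tcp
EOF
  classify_listeners "$d/netstat.txt" "$d/inetd.conf" "$d/services"
  rm -rf "$d"
}
run_sample
```

A `stale-restart-inetd` row is the case from the message: the entry was commented out of inetd.conf but inetd has not been restarted or sent a SIGHUP, so the port is still open.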