[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Ports safe to close?
- Subject: Re: [cobalt-security] Ports safe to close?
- From: "APS" <sculthorpe@xxxxxxxxxxxxx>
- Date: Wed, 29 Aug 2001 00:35:46 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Carrie,
You might want to get a bit more adventurous with IPChains and allow only certain source
IP's/networks to access some of those those ports, what are those high ports being used
for? what switches did you use when running nmap?
While nmap does a good job you may want to go a step further and run Nessus against
your servers as it identifies services much more efficiently, nmap merely compares a port
number to a service name, ie if you moved ssh (default port 22) to port 52 nmap would see
it as xns-time when in fact it is clearly still ssh.
Nessus also performs several hundred security checks, it takes about 10 minutes or so
and the daemon runs happily on RAQ's, I suggest using the NessusWX client.
Take a look at http://www.nessus.org/ if you haven't already got it.
Regards,
Adam Sculthorpe
Internet Security Consultant
"The important secret of war is to make oneself master of the communications"
Napoleon I, Maxims of War (1831)
*********** REPLY SEPARATOR ***********
On 28/08/2001 at 16:48 Carrie Bartkowiak wrote:
>When running an nmap scan on one of my servers with IPChains
>installed and running, I get these open ports:
>1080/tcp open socks
>2000/tcp open callbook
>2001/tcp open dc (this is digichat)
>6667/tcp open irc
>32771/tcp open sometimes-rpc5
>32772/tcp open sometimes-rpc7
>32773/tcp open sometimes-rpc9
>32774/tcp open sometimes-rpc11
>
>I need to leave DigiChat open - what others can I close safely?
>I'm wondering why my PMFirewall ruleset didn't specify these ports be
>closed, especially the irc port. Hmm.
>--
>CarrieB
>If someone with multiple personalities threatens to kill himself, is
>it considered a hostage situation?
>
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security