[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Ports safe to close?

Subject: Re: [cobalt-security] Ports safe to close?
From: "APS" <sculthorpe@xxxxxxxxxxxxx>
Date: Wed, 29 Aug 2001 00:35:46 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Carrie,

You might want to get a bit more adventurous with IPChains and allow only certain source
IP's/networks to access some of those those ports, what are those high ports being used
for? what switches did you use when running nmap?

While nmap does a good job you may want to go a step further and run Nessus against
your servers as it identifies services much more efficiently, nmap merely compares a port
number to a service name, ie if you moved ssh (default port 22) to port 52 nmap would see
it as xns-time when in fact it is clearly still ssh.

Nessus also performs several hundred security checks, it takes about 10 minutes or so
and the daemon runs happily on RAQ's, I suggest using the NessusWX client.

Take a look at http://www.nessus.org/ if you haven't already got it.

Regards,

Adam Sculthorpe
Internet Security Consultant

"The important secret of war is to make oneself master of the communications"
Napoleon I, Maxims of War (1831)

*********** REPLY SEPARATOR  ***********

On 28/08/2001 at 16:48 Carrie Bartkowiak wrote:

>When running an nmap scan on one of my servers with IPChains 
>installed and running, I get these open ports:
>1080/tcp   open        socks
>2000/tcp   open        callbook                
>2001/tcp   open        dc (this is digichat)
>6667/tcp   open        irc                     
>32771/tcp  open        sometimes-rpc5          
>32772/tcp  open        sometimes-rpc7          
>32773/tcp  open        sometimes-rpc9          
>32774/tcp  open        sometimes-rpc11
>
>I need to leave DigiChat open - what others can I close safely?
>I'm wondering why my PMFirewall ruleset didn't specify these ports be 
>closed, especially the irc port. Hmm.
>--
>CarrieB
>If someone with multiple personalities threatens to kill himself, is 
>it considered a hostage situation? 
>
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security

Follow-Ups:
- Re: [cobalt-security] Ports safe to close?
  - From: Carrie Bartkowiak

References:
- [cobalt-security] Ports safe to close?
  - From: Carrie Bartkowiak

Prev by Date: Re: [cobalt-security] Ports safe to close?
Next by Date: Re: [cobalt-security] Where is that cobalt guy ? Again updateswithout notification
Previous by thread: Re: [cobalt-security] Ports safe to close?
Next by thread: Re: [cobalt-security] Ports safe to close?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index