[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Open port 1 & 6 question
- Subject: [cobalt-security] Open port 1 & 6 question
- From: Charles Teton <info@xxxxxxxxxx>
- Date: Fri, 12 Jul 2002 03:24:15 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi RaQ Gurus,
I checked the archive and google, but can't seem to get any definite info
why Ports 1 and 6 seem to be running. I've check it with netstat -avp in
root but it keeps coming up as a blank with which process is running/using
the port. I've disable everything on my RaQ3 apart from the web and email
pop3 server and control via https and SSH2 for ftp and shell. I've
temporarily disable portsentry and ipchains for the read out below. I also
checked in both: /etc/admserv/conf/httpd.conf and
/etc/httpd/conf/httpd.conf.
In the '/etc/services' both ports 1 and 6 look open, ie do not have a '#'
before. Is this where I can disable them or are they being used by something
else.
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
Tcp 0 0 0.0.0.0:22 0.0.0.0:* ESTABLISHED 10979/sshd
Tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 461/sendmail
Tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 428/httpd
Tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 428/httpd
Tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 346/httpd
Tcp 0 0 0.0.0.0:444 0.0.0.0:* LISTEN 346/httpd
Tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 326/sshd
Tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 321/inetd
Tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 321/inetd
Raw 0 0 0.0.0.0:1 (icmp) 0.0.0.0:* 7 -
Raw 0 0 0.0.0.0:6 (tcp) 0.0.0.0:* 7 -
(I've taken out my address on port 22 above)
Thanks for you help, after reading a lot on security I'm getting pretty
paranoid...
A really helpful page for newbies I found for recently:
http://www.ego.ws/linux/
Regards,
Charles Teton