Click to See Complete Forum and Search --> : check my security
Harvey
10-13-2000, 12:54 AM
Hey guys, just got my network setup and my slackware box should be online 24/7 now! I hope to make it a webserver.
Could you check it out to make sure it's safe? It seems so to me. And I'm behind a firewall that my apartment people put up as well it seems... let me know what you think.
12.2.43.130
the webserver is listening on 8080 http://12.2.43.130:8080
be nice...
dang! cool http://www.linuxnewbie.org/ubb/smile.gif hehehe am running apache too in slack7.1 and its running 24/7 http://www.linuxnewbie.org/ubb/smile.gif
http://www.datacom.mozcom.com
way to go HARVEY! http://www.linuxnewbie.org/ubb/biggrin.gif
uummm, I got telnet, ftp, nfs, netbios and a lot more up and half of 'em listening. Check those firewall rules on your local box!!
Crankshooter
10-15-2000, 01:51 PM
Starting nmap V. 2.54BETA3 ( www.insecure.org/nmap/ (http://www.insecure.org/nmap/) )
Interesting ports on DHCP-43-130.thefields.com (12.2.43.130):
(The 1515 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp filtered ftp
22/tcp open ssh
23/tcp filtered telnet
25/tcp filtered smtp
37/tcp open time
80/tcp filtered http
110/tcp filtered pop-3
111/tcp open sunrpc
113/tcp open auth
139/tcp filtered netbios-ssn
515/tcp open printer
587/tcp open submission
694/tcp open unknown
2049/tcp open nfs
8080/tcp open http-proxy
Harvey
10-15-2000, 03:56 PM
what exactly does all that mean?
should I be worried about anything?
Golden_Eternity
10-15-2000, 04:46 PM
If you have portmap running, I would definitely shut it down (that's the sunrpc, port 111)... CERT currently has it and the WU-FTPD site exect hole as the two prime targets of attack right now. (The third is the IRIX telnetd issue, but that doesn't really affect us http://www.linuxnewbie.org/ubb/wink.gif )
Oh, but portmap is needed for nfs/nis so if you use that you may want to look into patching portmap, then...
[This message has been edited by Golden_Eternity (edited 15 October 2000).]
Harvey
10-15-2000, 04:49 PM
what exactly is nfs? and how can I shutdown portmap? (what does it do?) I checked in inetd.conf but didn't see anything about it there...
maxl stylee
10-15-2000, 05:56 PM
first....
"ps aux | grep portmap"
get the process id. then kill the process
"cd /etc/rc.d/init.d/"
"rm portmap"
...
that's where portmap was located on my system. i'm running drak 7.1
Alex
Harvey
10-15-2000, 06:11 PM
is that the whole portmap program that I would end up killing? wouldn't it be a good idea to just disable it from starting up rather than nuking the thing?
maxl stylee
10-15-2000, 06:13 PM
.....well, i just killed the program right now, that way i wouldn't have to restart.
sure...you can just stop it from starting up.../etc/rc.d/init.d/
just remove it from there.
alex
Harvey
10-15-2000, 06:19 PM
cool thanks for the tip!