Open Ports


Subject: Open Ports
From: Neil Jolly (njolly@home.com)
Date: Tue Jan 11 2000 - 21:17:44 MST


I've been doing some security checks on our network, and servers lately,
and came across some ports that are open, but are commented out in
/etc/inetd. Here's the output from a port scan on my G3 running YDL:
Port    State   Protocol  Service
1       open    tcp       tcpmux
11      open    tcp       systat
15      open    tcp       netstat
22      open    tcp       ssh
25      open    tcp       smtp
53      open    tcp       domain
79      open    tcp       finger
80      open    tcp       http
110     open    tcp       pop-3
111     open    tcp       sunrpc
113     open    tcp       auth
119     open    tcp       nntp
143     open    tcp       imap2
515     open    tcp       printer
540     open    tcp       uucp
635     open    tcp       unknown
1025    open    tcp       listen
1080    open    tcp       socks
1524    open    tcp       ingreslock
2000    open    tcp       callbook
5432    open    tcp       postgres
6000    open    tcp       X11
6667    open    tcp       irc
12345   open    tcp       NetBus
12346   open    tcp       NetBus
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=3532196 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.1.132; 2.2.0-pre1 - 2.2.2

And here's my related lines in inetd:
#imap stream tcp nowait root /usr/sbin/tcpd imapd
#finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
#cfinger stream tcp nowait root /usr/sbin/tcpd in.cfingerd
#systat stream tcp nowait guest /usr/sbin/tcpd /bin/ps -auwwx
#netstat stream tcp nowait guest /usr/sbin/tcpd /bin/netstat

I'm most concerned about finger, systat, nntp, and netstat running. At
first I thought my machine had been compromised when I saw the irc port
open, but I can't find any evidence of a break-in. No RPMS have been
altered since I installed them, and no unknown users, or directories
that are obvious or hidden. I've looked through all my scripts in
/etc/rc.d/init.d, and I can't find any reference to these services. I've
also checked inittab, but nothing. ps aux shows that none of these
daemons are running. I have portsentry running as well as a pretty well
configured ipchains based firewall, so any attempt to attach to these
ports gets rejected, but I'd much sooner have them closed. Does anyone
know a good way to find out what is opening these ports? Thanks!

--
Neil Jolly
----------------------------------------------------------
Coming at from Yellowdog Linux - another MICRO~1 free OS!
Got trouble with your X?
Try
http://www.members.home.net/njolly/xfree86/
----------------------------------------------------------
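
One way to see which process holds each listening port, as an added example that is not part of the original post: it joins the socket inodes in /proc/net/tcp against the /proc/<pid>/fd symlinks. It assumes a current Linux kernel that provides /proc/<pid>/comm; the SAMPLE table and the function names are constructed for illustration.

```python
import os
import re

# Constructed sample in /proc/net/tcp layout (not data from the post).
# Ports are hex: 1A0B = 6667, 004F = 79; state 0A = LISTEN, 01 = ESTABLISHED.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1A0B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4101 1
   1: 00000000:004F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4102 1
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 4200 1
"""

def listening_inodes(table):
    """Return {port: socket inode} for every LISTEN row of a /proc/net/tcp table."""
    found = {}
    for line in table.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) >= 10 and f[3] == "0A":
            found[int(f[1].rsplit(":", 1)[1], 16)] = int(f[9])
    return found

def socket_owners(proc_root="/proc"):
    """Return {socket inode: (pid, command)} from the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            for fd in os.listdir(os.path.join(base, "fd")):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(base, "fd", fd)))
                if m:
                    owners.setdefault(int(m.group(1)), (int(pid), comm))
        except OSError:
            continue                             # process exited, or fds unreadable without root
    return owners

def attribute(port_inodes, owners):
    """Map each listening port to (pid, command), or None if no process was found."""
    return {port: owners.get(inode) for port, inode in sorted(port_inodes.items())}

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:            # IPv4 only; /proc/net/tcp6 has the same layout
        live = listening_inodes(fh.read())
    for port, owner in attribute(live, socket_owners()).items():
        print(port, owner or "no owning process visible (run as root)")
```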


