[ale] how do I close a port / security problem

Eric Z. Ayers eric.ayers at mindspring.com
Thu Nov 25 08:34:09 EST 1999


Hello jfondow.

That is a useful URL.

1) If you aren't using netbios for anything (sharing with windows or
NT machines), then you can just comment out a few lines in
/etc/services and send a kill -HUP to the inetd process. 

Comment out any of these:
netbios-ns      
netbios-ns      
netbios-dgm     
netbios-dgm     
netbios-ssn     


2) If you aren't using sendmail at all, you can remove the link from
/etc/rc.d/rc3.d, but if you are like me, you are using it for fetchmail.

Here's what I use for ipchains (in /etc/rc.d/rc.local) to block out
snmp on my modem:

ipchains -A input -p udp -i ppp0 --destination-port snmp -j DENY
ipchains -A output -p udp -i ppp0 --destination-port snmp -j DENY

I don't know why I used the long version of '-d'...

Here's what that URL tells me about SMTP.

 25 SMTP Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

Yikes! Someone turned on IMAP visible to the outside world!
AAAAAMMMYYYY!!!!  (Actually, I knew that she did that, but I forgot to
block it in the firewall)

-Eric.

jfondow writes:
 > I just noticed that I have ports 25(smtp), 80 and 139 (NetBIOS) open and
 > I need to close them.  I am running a SuSE box to connect to the
 > internet and it is running ip-masq to serve the connection to the rest
 > of the house.  What do I need to do to make this machine tighter on
 > security.  I thought I had ip-chains configured correctly, but I must be
 > wrong.  Here is the url that detected the open ports: 
 > http://www.grc.com/default.htm.  Any and all help would be greatly
 > appreciated.  Thank you.
 > 
 > SuSE 6.2, kernel 2.2.10
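
Added example, not part of the original thread: a shell sketch that reads `netstat -tln`-style output, picks out the TCP listeners reachable from outside, and prints (without applying) ipchains rules in the same form as the snmp rules above. The function names, the sample netstat text and the external address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not taken from the thread).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN'

# Print the ports of TCP listeners bound to the wildcard address or to the
# external address given as $1. Listeners bound only to loopback or to a
# LAN address are left out. Reads netstat text on stdin.
exposed_ports() {
    awk -v ext="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == ext)
                print port
        }' | sort -n | uniq
}

# Turn ports on stdin into ipchains input rules for interface $1, skipping
# any port listed in $2 (space-separated) that is meant to stay reachable.
deny_rules() {
    while read -r port; do
        case " $2 " in *" $port "*) continue ;; esac
        echo "ipchains -A input -p tcp -i $1 --destination-port $port -j DENY"
    done
}

# Hypothetical wrapper: audit the sample, keeping the ports in $1 open.
# Rules are only printed so they can be reviewed before use.
audit_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | exposed_ports 203.0.113.7 | deny_rules ppp0 "$1"
}

audit_sample ""
```

On a live machine the input would be the real `netstat -tln` output and the address currently assigned to ppp0; re-running the outside scan afterwards confirms the result.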





