[ale] Comments sought on port scan

John Mills john at mills-atl.com
Mon Dec 11 22:41:48 EST 2000 

On Mon, 11 Dec 2000, Bob's ALE Mail wrote:

> > **********************************************************************
> > Starting nmap V. 2.53 by fyodor at insecure.org ( www.insecure.org/nmap/ )
> >  Interesting ports on $HOST.mills-atl.com (aa.bb.cc.dd):
> > (The 1516 ports scanned but not shown below are in state: closed)
> > Port       State       Service
> > 22/tcp     open        ssh                     
> Ok so long as all of your accounts have good passwords on them.

shadow, md5, accepted by PAM

> > 25/tcp     open        smtp                    
> Does your ISP intercept SMTP (sendmail)?  Most do but if yours does not
> you either want to ensure that your sendmail is up-to-date and securely
> configured or turn it off.

I don't need serve smtp, AFAIK. I run 'fetchmail' as a pop-client to the
ISP, putting mail on sendmail locally. Outgoing hits the ISP's SMTP server
directly.

Where do I turn this off at with regard to net access?

> > 111/tcp    open        sunrpc                  
> Turn this off or be cracked!

Yes, but where? I've tried commenting out smtp and sunrpc in /etc/services
and nothing but 'auth' is turned on in /etc/inted.conf.

> 
> > 113/tcp    open        auth                    
> ok.
> 
> > 515/tcp    open        printer                 
> If you don't have a printer then turn this off.  If you do, ensure that you
> have an up-to-date version that is free of known holes.

I'll do some reading here, I guess.

> > 941/tcp    open        unknown                 
> I don't know what this is.  DO 'netstat -ap' and to see the PID of the
> process having it open and then do "ps -axlww|grep PID" and analyze.
> 
> > 6000/tcp   open        X11                     
> Definitely disable this by causing X to not listen on the TCP port!

All I see is:
tcp        0      0 *:941                   *:*                     LISTEN
-                   
tcp        0      0 *:111                   *:*                     LISTEN
-                   
tcp        0      0 *:6000                  *:*                     LISTEN
-                   

No PID shown for the sunrpc, X11, nor [941] users.

I suppose X11 listening on the port allows me to display for remote X11
tasks, but I better put some access control on that. Any suggestions where
to actually cut these off, and X11 access control?

Thanks for the prompt reply, and for any other comments.

-- 
Regards -
 John Mills

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list