[ale] Comments sought on port scan

Fletch fletch at phydeaux.org
Tue Dec 12 00:01:02 EST 2000


>>>>> "John" == John Mills <john at mills-atl.com> writes:

    John> Went back and ran netstat -ap as root, giving more info.

    John> On Mon, 11 Dec 2000, Bob's ALE Mail wrote:

    >> > 111/tcp open sunrpc Turn this off or be cracked!
    >> 
    >> > 941/tcp open unknown I don't know what this is.  Do 'netstat
    >> -ap' to see the PID of the process having it open and then
    >> do "ps -axlww|grep PID" and analyze.
    >> 
    >> > 6000/tcp open X11 Definitely disable this by causing X to not
    >> listen on the TCP port!

    John> tcp 0 0 *:6000 *:* LISTEN 6619/X
    John> ...
    John> tcp 0 0 *:941 *:* LISTEN 338/rpc.statd
    John> tcp 0 0 *:111 *:* LISTEN 314/portmap

    John> Now, where should I go to control these?


        Best thing to do if you've got ipchains compiled into your
kernel (which you probably should on a box that's connected to the
'net at large) is to simply drop any packets to these ports on the
outside interface.  The book `Building Linux and OpenBSD Firewalls' is 
a good reference for ipchains, and they've got sample scripts on the
companion web site (the url of which eludes me since the book is
sitting downstairs, but if you google for the title I'm sure it'll
turn up).

-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
770 933-0600 x211(w)  |  scary questions." -- Jules                =(___)=
                      |                                               U
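
The approach suggested in the reply above, as an added example that is not part of the original message: a shell sketch that reads `netstat -ap` style output and prints one ipchains DENY rule per TCP listener bound to all addresses. The interface name `eth0`, the helper names and the sample lines (built from the three listeners quoted in the thread plus one constructed loopback entry) are assumptions.

```shell
#!/bin/sh
# Added example: derive ipchains input rules from wildcard TCP listeners.
# EXT_IF is an assumption; set it to the interface facing the Internet.
EXT_IF="${EXT_IF:-eth0}"

# Constructed sample input: the three listeners quoted in the thread,
# plus a loopback-only listener that must not produce a rule.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 *:6000         *:*              LISTEN  6619/X
tcp        0      0 *:941          *:*              LISTEN  338/rpc.statd
tcp        0      0 *:111          *:*              LISTEN  314/portmap
tcp        0      0 localhost:25   *:*              LISTEN  402/sendmail
EOF
}

# Reads netstat output on stdin, writes ipchains commands on stdout.
gen_rules() {
    awk -v ifc="$EXT_IF" '
        # Only TCP sockets in LISTEN state are considered.
        $1 == "tcp" && $6 == "LISTEN" {
            n = split($4, a, ":")            # local address is host:port
            host = a[1]; port = a[n]
            # Listeners bound to one specific address are skipped here;
            # review those by hand.
            if (host != "*" && host != "0.0.0.0") next
            # Service names instead of numbers: rerun netstat with -n.
            if (port !~ /^[0-9]+$/) next
            printf "# %s\n", $7              # owning PID/program, for review
            # Deny and log (-l) inbound TCP to this port on the outside interface.
            printf "ipchains -A input -i %s -p tcp -d 0/0 %s -j DENY -l\n", ifc, port
        }'
}

# Print the rules for review; nothing is applied to the running firewall.
sample_netstat | gen_rules
```

On a live box, pipe `netstat -anp` into `gen_rules` and read the output before running any of it; the thread only lists TCP ports, so UDP listeners for the same services would need their own rules.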