[ale] Comments sought on port scan

John Mills john at mills-atl.com
Tue Dec 12 07:38:20 EST 2000


Bob -

Thanks for the evaluation and suggestions. After signing off last night I
realized I hadn't followed the second step of your suggestion, "ps
-axlww|grep PID", looking at the processes which were running the ports.

No great surprises - there are two related to 'rpc' and those already
known for X11 and 'sendmail'. More reflection on 'sendmail' suggests I
don't really need it with my DSL and the ISP's POP and SNMP services, so
I'll try without it. That leaves X11 -- I'll have to find out where that
port is started, and if I can keep it from listening to the net
interface. (I suppose that X11 must need some local port to work at all,
no?)

I renamed the 'portmap' script in '/etc/rc.d/init.d' to kill that service.

Running a 'nmapfe' Syn Stealth scan now looks a bit different, with a
higher degree of difficulty than the same run against the previous setup,
and the UDP scan shows _no_ ports open to the net. Further comments are
naturally welcomed:

***********************************************************************

Starting nmap V. 2.53 by fyodor at insecure.org ( www.insecure.org/nmap/ )
 Interesting ports on $HOST.mills-atl.com (aa.bb.cc.dd):
(The 1515 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
25/tcp     open        smtp                    
113/tcp    open        auth                    
515/tcp    open        printer                 
1024/tcp   open        kdm                     
1025/tcp   open        listen                  
1030/tcp   open        iad1                    
6000/tcp   open        X11                     

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=4733925 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
***********************************************************************

-- 
Regards -
 John Mills
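
Added example, not part of the original message: one way to check which listening TCP sockets are bound to all interfaces and which only to loopback, the question raised above about X11 and the net interface. It decodes the Linux `/proc/net/tcp` table; the sample table is constructed, and the function names and the little-endian (x86) address layout are assumptions.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from the host in the post).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00000A:0016 0B00000A:C001 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

TCP_LISTEN = 0x0A  # socket state code the kernel prints for LISTEN


def decode_addr(hex_addr):
    """Turn 'AABBCCDD:PPPP' into (dotted IPv4 address, port number)."""
    ip_hex, port_hex = hex_addr.split(":")
    # The address is a 32-bit word in host byte order; little-endian assumed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table_text):
    """Return sorted (port, bind address, inode) for every listening socket."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue  # short line, or a connection that is not a listener
        ip, port = decode_addr(fields[1])
        found.append((port, ip, int(fields[9])))
    return sorted(found)


def exposed(table_text):
    """Ports listening on something other than a loopback address."""
    return [port for port, ip, _ in listeners(table_text)
            if not ip.startswith("127.")]


if __name__ == "__main__":
    for port, ip, inode in listeners(SAMPLE):
        scope = "loopback only" if ip.startswith("127.") else "reachable from the net"
        print(f"{port:>5}/tcp  bound to {ip:<15} inode {inode}  {scope}")
```

To run it against a live Linux host, pass the contents of `/proc/net/tcp` to `listeners()` instead of `SAMPLE`.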

