[ale] Comments sought on port scan
John Mills
john at mills-atl.com
Tue Dec 12 07:38:20 EST 2000
Bob -
Thanks for the evaluation and suggestions. After signing off last night I
realized I hadn't followed the second step of your suggestion, "ps
-axlww|grep PID", looking at the processes which were running the ports.
No great surprises - there are two related to 'rpc' and those already
known for X11 and 'sendmail'. More reflection on 'sendmail' suggests I
don't really need it with my DSL and the ISP's POP and SNMP services, so
I'll try without it. That leaves X11 -- I'll have to find out where that
port is started, and if I can keep it from listening to the net
interface. (I suppose that X11 must need some local port to work at all,
no?)
I renamed the 'portmap' script in '/etc/rc.d/init.d' to kill that service.
Running a 'nmapfe' Syn Stealth scan now looks a bit different, with a
higher degree of difficulty than the same run against the previous setup,
and the UDP scan shows _no_ ports open to the net. Further comments are
naturally welcomed:
***********************************************************************
Starting nmap V. 2.53 by fyodor at insecure.org ( www.insecure.org/nmap/ )
Interesting ports on $HOST.mills-atl.com (aa.bb.cc.dd):
(The 1515 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
113/tcp open auth
515/tcp open printer
1024/tcp open kdm
1025/tcp open listen
1030/tcp open iad1
6000/tcp open X11
TCP Sequence Prediction: Class=random positive increments
Difficulty=4733925 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
***********************************************************************
--
Regards -
John Mills
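
The following is an added example, not part of the original message: a small Python parser for the nmap plain-text port table shown above. It lists open ports outside an intended-exposure list and marks the ones just above port 1023, where nmap 2.53 takes the service name from a port-number lookup rather than from the listening program. The `INTENDED` set and the 1024-1100 window are assumptions chosen for illustration.

```python
import re

# Port table copied from the scan in the post (host/address as redacted there).
SCAN = """\
Interesting ports on $HOST.mills-atl.com (aa.bb.cc.dd):
(The 1515 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
113/tcp open auth
515/tcp open printer
1024/tcp open kdm
1025/tcp open listen
1030/tcp open iad1
6000/tcp open X11
"""

# Assumption: the only service this host is meant to expose to the network.
INTENDED = {(22, "tcp")}

ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return [(port, proto, state, service)] from nmap's plain-text table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and 0 < int(m.group(1)) < 65536:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def unexpected_open(rows, intended):
    """Open ports that are not on the intended-exposure list."""
    return [r for r in rows if r[2] == "open" and (r[0], r[1]) not in intended]

def name_is_guess(row, low=1024, high=1100):
    """True for ports just above 1023 (window is an assumption): the name is a
    table lookup, so the owning process has to be identified on the host."""
    return low <= row[0] <= high

if __name__ == "__main__":
    for row in unexpected_open(parse_ports(SCAN), INTENDED):
        hint = "  <- name is a lookup; check the owning PID" if name_is_guess(row) else ""
        print(f"{row[0]}/{row[1]} {row[3]}{hint}")
```
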