Re: closing unwanted ports - and what is 1720/tcp filtered H.323/Q.931
Noah Meyerhans wrote:
> On Thu, Dec 15, 2005 at 12:35:09PM +0000, kevin bailey wrote:
>> the service:
>> 443/tcp open https
>> is used to protect the webmail service. it is meant to stop the email
>> passwords from being sniffed.
>
> If you're concerned about passwords being sniffed, you better shut off
> pop3 and imap, too (unless you configure IMAP such that plaintext
> passwords will never be prompted for, which should be possible according
> to section 6.2.2 of RFC 3501). In the case of pop3, it is not possible
> to configure secure authentication mechanisms, and you should switch to
> the SSL-tunnelled pop3s if you really need POP support.

good point - also the fact that the users stick their email passwords to
their monitors using post-its!

i'm almost thinking to switch the webmail service to normal apache - this
would save me from having to run apache-ssl altogether.

the email accounts are virtual accounts and are not system/FTP accounts run
on a courier email server.

>
>> what is
>> 1720/tcp filtered H.323/Q.931
>> ?
>>
>> and how do i turn it off if it is unnecessary.
>
> It may be nothing. The fact that it showed up as filtered in the nmap
> output indicates that nmap didn't receive a TCP RST packet back when it
> tried to contact that port. That may mean you have iptables configured
> to DROP packets to that port.

iptables has not been set up - but i take what you say.

so if i set up a firewall and drop nearly all packets does nmap report ports
as unfiltered?

thanks for your points,
kev

>
> noah
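
The distinction Noah describes above (a completed handshake, a TCP RST, or no answer at all), as an added Python example that is not part of the original thread. It uses an ordinary connect() instead of nmap's own probes, and the loopback sockets in demo() are constructed test targets.

```python
import errno
import socket

# ICMP "unreachable" errors, e.g. from a router or a firewall REJECT rule;
# nmap reports these as filtered as well.
_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(error):
    """Map one connect attempt to an nmap-style state.

    error is None if the handshake completed, else the exception raised.
    """
    if error is None:
        return "open"        # SYN/ACK came back
    if isinstance(error, ConnectionRefusedError):
        return "closed"      # RST came back: host reachable, nothing listening
    if isinstance(error, socket.timeout):
        return "filtered"    # silence, which is what a DROP rule produces
    if isinstance(error, OSError) and error.errno in _UNREACHABLE:
        return "filtered"
    return "unknown"


def probe(host, port, timeout=2.0):
    """Attempt a full TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def demo():
    """Probe one listening and one non-listening port on loopback."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    # Bound but never listening: the kernel answers a SYN with RST.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", spare.getsockname()[1]))
    finally:
        listener.close()
        spare.close()


if __name__ == "__main__":
    print(demo())
```
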