Re: [Q] what do these portmap log entries mean?
Michael Banck wrote:
> huh, my protscan shows this:
>
> Interesting ports on Blackbird (127.0.0.1):
> Port State Protocol Service
> 9 open tcp discard
> 13 open tcp daytime
> 21 open tcp ftp
> 23 open tcp telnet
> 25 open tcp smtp
> 37 open tcp time
> 111 open tcp sunrpc
> 119 open tcp nntp
> 139 open tcp netbios-ssn
> 757 open tcp unknown
> 1024 open tcp unknown
> 1025 open tcp listen
> 6000 open tcp X11
>
> first of all, what are these "unknown" entries about? these ports are
> not listed in /etc/services.
What i do is run the command "lsof | grep 757" to see what process is on
that port. i believe that is a NFS/rpc service though.
>
> and then, I use my machine as a gateway to the Internet, so is this
> ipchains-chain alright or do I need more firewalling?
> ipchains -A input -p tcp -i ippp0 -y -l -j DENY
>
> ippp0 is my ISDN-device.
that looks as if it would probably work.(im not an ipchains expert) I
would suggest scanning your ppp IP with nmap to see what is accessable
to the outside world. if for some reason ipchains isn't blocking it, i
would block everything except ftp, telnet, smtp (unless u don't need
them then block them too) on my machine (portal.aphroland.org, DSL) i
have SSH, ftp, http, and auth(port 113, for irc) open everything else is
firewalled shut. And that box has a _LOT_ of things running, probably 50
open ports if i didn't firewall it.
> Thanks a lot,
sure, glad to help!
nate
--
:::
ICQ: 75132336
http://www.aphroland.org/
http://www.linuxpowered.net/
aphro@aphroland.org
Reply to: