
Re: closing open ports



On Sun, Apr 29, 2001 at 11:38:25AM -0700, Michael Earls wrote:
> That was great info, but I do not need to masq any IPs; I just need to
> limit the ports being open.  I have edited inetd.conf, but there were some
> ports not listed in there.  Here is a port scan on my box:
> 
> [root@dali mearls]# nmap -sS -sU vermeer
> 
> Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
> Interesting ports on vermeer.michaelearls.com (207.86.78.22):
> (The 3092 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 69/udp     filtered    tftp
> 80/tcp     open        http
> 111/tcp    open        sunrpc
> 111/udp    open        sunrpc
> 138/udp    open        netbios-dgm
> 515/tcp    open        printer
> 517/udp    open        talk
> 1024/tcp   open        kdm
> 1025/udp   open        blackjack
> 1026/udp   open        unknown
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 1709 seconds
> 
> From port 111 to 1026.  I only need the first ones open.  Does your ipchain
> script do that without trying to masq, or what do I need to change to fix
> that?

Yes, you can filter without masq, and you should in your situation, but you
should also learn what services your box is running and how to shut them
down.  You have a web server, portmap, etc. running.  If you aren't using
those at this time, there really isn't a reason to run them.  I sent
either you or another person on the list instructions on how to do so,
using portmap as an example.  You can do the same thing with many other
services.  If you didn't see my post, or didn't understand, or I messed up
somewhere, post back and let me know.
kent

-- 
 From seeing and seeing the seeing has become so exhausted
     First line of "The Panther" - R. M. Rilke



