Re: How secure am I?
hi ya
nope... the box is NOT secure...never is...
just depends on who the attacker is...if they wanna get in..they will
there is no point nowadays to be running discard, daytime, time
no reason to run netbios-ssn unless its a samba server that
requires/allows winXX users to write data to this machine
ssh is being attacked/exploited on a regular basis
smtp is notorious for exploits...
http is being attacked/exploited regularly...
printer is attacked regularly...
so far...all the ports you have open are those that exploits already
exist.....
- run the exploits and see if it gave a reg user root access
http://www.Linux-Sec.net/Hacking/
- download the rootkits from the various urls and run 'em
if none of the rootkits allows you to get into your server...
then you can be fairly certain that you're relatively safe....
as of that minute.....
have fun
alvin
On Fri, 3 Aug 2001, Patrick Kirk wrote:
> 9/tcp open discard
> 13/tcp open daytime
> 22/tcp open ssh
> 25/tcp open smtp
> 37/tcp open time
> 53/tcp open domain
> 80/tcp open http
> 113/tcp open auth
> 139/tcp open netbios-ssn
> 515/tcp open printer
>
> Hi all,
>
> Latest output of nmap. Everything you see I need. Port 25 and 139 are
> nailed to eth0 thus are secure.
>
> Problems:
> Port 53 is open and I'm not able to work out how to bind it to eth*
> excluding all access via ppp*.
>
> I need ftp. update-rc.d -f proftpd remove takes it out of the live config.
> ssh in, /etc/init.d/proftpd start and I can do my backups/restores, etc then
> close it again. scp would be much neater.. But dselect scp gets nothing
> appropriate. What do I need in sources.list for scp?
>
> As for the rest, I assume that this box can now be called secure?
>
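
A defensive triage of the port list quoted above, following the reply's reasoning about which services to drop and which to keep patched. This is an added example, not part of either poster's message; the function names and verdict labels (DISABLE, CONDITIONAL, PATCH, REVIEW) are this example's own, and the sample input is the quoted scan output embedded as constructed data.

```shell
#!/bin/sh
# Constructed input: the port list quoted in the thread, in nmap's
# "PORT/PROTO STATE SERVICE" line format.
NMAP_SAMPLE='9/tcp open discard
13/tcp open daytime
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
80/tcp open http
113/tcp open auth
139/tcp open netbios-ssn
515/tcp open printer'

# triage_ports: read nmap port lines on stdin, print "port service verdict".
# Verdict names are hypothetical labels chosen for this example.
triage_ports() {
    awk '
    BEGIN {
        # Services the reply says there is no point in running.
        n = split("discard daytime time", a, " ")
        for (i = 1; i <= n; i++) verdict[a[i]] = "DISABLE"
        # Only justified on a Samba server serving Windows clients.
        verdict["netbios-ssn"] = "CONDITIONAL"
        # Services the reply describes as regularly attacked.
        n = split("ssh smtp http printer", b, " ")
        for (i = 1; i <= n; i++) verdict[b[i]] = "PATCH"
    }
    # Match only open-port lines such as "22/tcp open ssh".
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
        v = ($3 in verdict) ? verdict[$3] : "REVIEW"
        printf "%s %s %s\n", $1, $3, v
    }'
}

# count_verdict VERDICT: number of sample ports carrying that verdict.
count_verdict() {
    printf '%s\n' "$NMAP_SAMPLE" | triage_ports |
        awk -v v="$1" '$3 == v { c++ } END { print c + 0 }'
}

printf '%s\n' "$NMAP_SAMPLE" | triage_ports
```

Ports the reply does not mention (53 and 113 here) come out as REVIEW, so they still get a manual decision.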