
Re: firewall script and port 389,1002,1720..



<quote who="wsa">
> Hi,

> My questions,
> Why are those last 3 ports open?

use lsof or fuser to determine what PID has that port open.
fuser -n udp PORT_NUMBER
fuser -n tcp PORT_NUMBER
lsof | grep LISTEN (shows TCP listening processes)
lsof | grep UDP (shows UDP listening processes)

> i've looked around in the rcx.d directories and init.d but i could
> find nothing about LDAP...so why is this even running?

maybe it's a bug in the remote scanner... if fuser or lsof
shows nothing then nothing is there.

> And is there any reason not to block those ports with a few extra
> rules? And..if someone can find the time to look over the rules in
> that script...is it a decent and safe script?:)

if you don't need them, block them yes. it would be even
better to shut the software that is using them down totally
if you are not going to use it (or remove it totally).

i recommend doing a nmap scan of yourself and build the firewall
script accordingly (from scratch). what i do:

nmap -sS -P0 -p 1-65535 YOUR_REAL_IP_HERE
nmap -sU -P0 -p 1-65535 YOUR_REAL_IP_HERE

nate
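
An added example, not part of nate's message: a shell cross-check of the ports a remote scan reported (389, 1002 and 1720 from the thread subject) against the kernel's own TCP socket table. It assumes Linux and the /proc/net/tcp format; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare scanner-reported TCP ports with local LISTEN sockets.

# Print the decimal local port of every socket in LISTEN state (st == 0A)
# found in the /proc/net/tcp-format file given as $1.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, a, ":"); print a[n] }' "$1" |
    while read -r hex; do
        printf '%d\n' "0x$hex"      # port is stored as 4 hex digits
    done | sort -nu
}

# For each port in $2.., say whether it is in LISTEN state in table $1.
check_ports() {
    table=$1; shift
    open=$(listening_ports "$table")
    for port in "$@"; do
        if printf '%s\n' "$open" | grep -qx "$port"; then
            echo "$port listening"
        else
            echo "$port not-listening"
        fi
    done
}

# Constructed sample: listeners on 22 (0x0016) and 1720 (0x06B8), plus an
# ESTABLISHED (01) outbound connection to a remote port 389 (0x0185), which
# must not be counted as a local listener.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:06B8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:C350 0A000014:0185 01 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 20 4 30 10 -1
EOF
}

# With arguments: check those ports on the live table. Without: run the sample.
if [ "$#" -gt 0 ]; then
    check_ports /proc/net/tcp "$@"
else
    tmp=$(mktemp); sample_table > "$tmp"
    check_ports "$tmp" 389 1002 1720
    rm -f "$tmp"
fi
```

For any port reported as listening, `fuser -n tcp PORT_NUMBER` (run as root) then gives the owning PID, as in the message above.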



