
Re: Is the default debian machine ripe for port attack?



At 2002-06-15T06:50:16Z, Dan Jacobson <jidanni@deadspam.com> writes:

> as the first line of many of the /etc/init.d/* files, then notice
> [using "nmap" which I downloaded] all these things listening to open ports:

> discard,daytime,ftp,telnet,smtp,time,finger,pop3,sunrpc,auth,nntp,
> imap2,imap3,snpp,printer,unknown,fax,hylafax,webcache,tproxy,vboxd

First off, nmap will not give you a canonical list of what's running.  I
admin several servers that firewall hosts that are portscanning them, for
example.  You probably want to use netstat instead:

kirk@pooh:~$ netstat -a | grep LISTEN
tcp        0      0 *:32768              *:*                 LISTEN      
tcp        0      0 *:time               *:*                 LISTEN      
tcp        0      0 *:discard            *:*                 LISTEN      
tcp        0      0 *:daytime            *:*                 LISTEN      
tcp        0      0 *:sunrpc             *:*                 LISTEN      
tcp        0      0 *:auth               *:*                 LISTEN      
tcp        0      0 *:1011               *:*                 LISTEN      
tcp        0      0 *:ssh                *:*                 LISTEN      
tcp        0      0 *:ipp                *:*                 LISTEN      
tcp        0      0 *:smtp               *:*                 LISTEN      

That's what's running on my Woody system, and several of those are due to
packages I installed later.

Try the experiment again using netstat (or lsof) instead of nmap and see
what's *really* listening on your system.  I suspect the situation may be
less dire than you originally thought.  :)
-- 
Kirk Strauser
The Strauser Group - http://www.strausergroup.com/
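
An added example, not part of the message above: a shell sketch that lists the TCP listeners in `netstat -a` output and sets them against the services a port scan reported, so differences in either direction stand out. The netstat sample is constructed in the format shown in the message, the scan list is a subset of the service names quoted from the nmap run, and the function names `listening` and `compare` are made up for this example.

```shell
#!/bin/sh
# Constructed sample in `netstat -a` format (not captured from a real host).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:time                  *:*                     LISTEN
tcp        0      0 *:discard               *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 pooh:ssh                client:40312            ESTABLISHED
udp        0      0 *:sunrpc                *:*'

# Read netstat output on stdin; print "<service> <bind-address>" for every
# TCP socket in LISTEN state. Established connections and UDP are skipped.
listening() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, part, ":")       # service is the last colon-separated piece
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        print part[n], addr
    }'
}

# $1 = comma-separated services reported by a scan; stdin = netstat output.
# Prints "scan-only <svc>" for scan results with no local listener and
# "local-only <svc> <addr>" for listeners the scan did not report.
compare() {
    listening | awk -v scan="$1" '
        { bound[$1] = $2 }
        END {
            n = split(scan, s, ",")
            for (i = 1; i <= n; i++) {
                inscan[s[i]] = 1
                if (!(s[i] in bound)) print "scan-only", s[i]
            }
            for (svc in bound)
                if (!(svc in inscan)) print "local-only", svc, bound[svc]
        }' | LC_ALL=C sort
}

# Scan list: constructed subset of the services named in the quoted nmap run.
printf '%s\n' "$SAMPLE" | compare "discard,daytime,ftp,telnet,smtp,time"
```

On a live host, pipe `netstat -a` into `compare` in place of the sample; `scan-only` entries have no local listener on that host, while `local-only` entries are listeners the scan did not report.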

