Re: Is the default debian machine ripe for port attack?
At 2002-06-15T06:50:16Z, Dan Jacobson <jidanni@deadspam.com> writes:
> as the first line of many of the /etc/init.d/* files, then notice
> [using "nmap" which I downloaded] all these things listening to open ports:
> discard,daytime,ftp,telnet,smtp,time,finger,pop3,sunrpc,auth,nntp,
> imap2,imap3,snpp,printer,unknown,fax,hylafax,webcache,tproxy,vboxd
First off, nmap will not give you a canonical list of what's running. I
admin several servers that firewall hosts that are portscanning them, for
example. You probably want to use netstat instead:
kirk@pooh:~$ netstat -a | grep LISTEN
tcp 0 0 *:32768 *:* LISTEN
tcp 0 0 *:time *:* LISTEN
tcp 0 0 *:discard *:* LISTEN
tcp 0 0 *:daytime *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:1011 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
That's what's running on my Woody system, and several of those are due to
packages I installed later.
Try the experiment again using netstat (or lsof) instead of nmap and see
what's *really* listening on your system. I suspect the situation may be
less dire than you original thought. :)
--
Kirk Strauser
The Strauser Group - http://www.strausergroup.com/
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: