
Re: What services are using these ports?



>>>>> "Marc" == Marc Shapiro <mshapiro@inetone.net> writes:

Marc> I am trying to set up a linux server on the college campus that I
Marc> attend.  This will be, so far as I am aware, the only non Windows
Marc> machine on campus.  The campus sysadmin has security issues before
Marc> she will allow access to the server through the firewall.  I used
Marc> tasksel when I set the machine up to install the "Standard UNIX
Marc> Server."  This got me such things as ftp, ftpd, telnet and
Marc> telnetd.  These are all for the good.

Not good.  ftp and telnet are (usually) security risks, as passwords are
sent in the clear, and so people can sniff them.  (ftp is OK if you just
use it for anonymous ftp.)  Use ssh instead.

Marc> It also set up finger and fingerd, not so good; and talk, ytalk
Marc> and talkd.  I have uninstalled and purged the configurations for
Marc> the finger and talk series of services.  This is probably enough
Marc> to eventually make the sysadmin happy, but there are a number of
Marc> ports which are active that we are not sure what is listening to
Marc> them.  Below is a list of ports (from before I did my deletes) and
Marc> what the sysadmin's resources say they are:

Helpful programs to figure out what's going on: netstat and lsof.  They
can help you figure out what programs are listening on your ports.

The fact that your sysadmin doesn't know some of these, though, scares
me.

Marc> 	Port	Service			Comments
Marc> 	----	----------------	--------------------------------
Marc> 	   9	discard			What is this?

It ignores all input.  It isn't of much use other than network testing.
It isn't much of a security risk, but if you're not going to use it,
there's no reason to keep it open.  It's usually handled natively by
identd.

Marc> 	  13	daytime			What is this?

Gives you the system time.  Again, handled by identd.  Again, turn it
off if you don't need it.

Marc> 	  21	ftp			OK

Not OK.  See above.

Marc> 	  22	unassigned		Is this talkd?

ssh.  Use it instead of ftp and telnet.

Marc> 	  23	telnet			OK

Not OK.  See above.

Marc> 	  25	smtp			I don't have smtpd running and do
Marc> 					not plan to set up a mail server.
Marc> 					Is this exim listening here?

Yes, this would be exim.  If you don't need a mail server, get rid of
it.  I'm not sure if local programs would ever need to talk to it via
port 25, so I just set it up to listen only on the loopback interface,
using xinetd.

Marc> 	  37	time			This should stay?

This is like daytime, but uses a different format.  Turn it off if you
don't need it.

Marc> 	  79	finger			This is gone, already.
Marc> 	 111	sun RPC			portmapper?  Do I need this?

Turn it off, unless you really know what you're doing.  This is used for
NIS and NFS, and is historically a big security hole.

Marc> 	 113	authentication		What is this?

identd.  You shouldn't need this.

Marc> 	 515	printer			No printer currently attached,
Marc> 					but not a problem.

If you don't need it, get rid of it.  There might not be any known
exploits right now, but there might be in the future.  The fewer
services you have open, the less you have to worry about.


Look through the harden* and bastille packages.  Installing them would
be a good idea.  Subscribe to the -security and -security-announce
lists, and keep your system patched.  Look through
http://www.debian.org/security/ and the "Securing Debian" manual.  Set
up an iptables firewall.  Be paranoid.

-- 
Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
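
The netstat check suggested in the message above, as an added example that is not part of the original post: it reads `netstat -tlnp` output and labels each TCP listener against the ports listed in the quoted table. The function names, verdict labels and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -tlnp` output against
# the ports discussed in this thread. Function names and verdict labels are
# assumptions made for this example.

# Ports from the quoted table that the reply says to turn off unless needed.
REVIEW_PORTS="9:discard 13:daytime 21:ftp 23:telnet 25:smtp 37:time 79:finger 111:sunrpc 113:auth 515:printer"

# Reads `netstat -tlnp` lines on stdin; prints "port bind program verdict".
audit_listeners() {
    awk -v review="$REVIEW_PORTS" '
    BEGIN {
        n = split(review, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); name[kv[1]] = kv[2] }
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)         # text after the last colon
        bind = $4; sub(/:[^:]*$/, "", bind)     # text before the last colon
        prog = $7; sub(/^[0-9]+\//, "", prog)   # drop the "PID/" prefix
        if (prog == "") prog = "-"              # no name shown without root
        loop = (bind == "127.0.0.1" || bind == "::1")
        if (port == "22")      verdict = "keep(ssh)"
        else if (port in name) verdict = (loop ? "local-only(" : "review(") name[port] ")"
        else                   verdict = (loop ? "local-only" : "unknown-exposed")
        print port, bind, prog, verdict
    }'
}

# Constructed sample of `netstat -tlnp` output (not taken from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9               0.0.0.0:*               LISTEN      231/inetd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      231/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      398/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      231/xinetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      201/portmap
tcp6       0      0 :::8080                 :::*                    LISTEN      -
EOF
}

# On a live host, run as root: netstat -tlnp | audit_listeners
sample_netstat | audit_listeners
```

A listener reported as `unknown-exposed` with program `-` is the case to follow up with `lsof -i` as root, since netstat could not name the owning process.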
