WilliamS Posted November 13, 2003 Report Share Posted November 13, 2003 Just did a port scan at dslreports.com, and got this: Your IP Address Conclusion: Possible Problem! We did get information from scanning your ports, this information could encourage attackers to probe further. Do you know why you are advertising these services to the net? perhaps installation of a firewall, or reconfiguration of your firewall to be more secure, would provide peace of mind. other TCP CLOSED We received a response that this port was closed. TCP 111 is OPEN Check our ports page for more info on TCP:111 We have no specific hints for this port number just yet. We are monitoring results though, and we add advice for port numbers that come up frequently. TCP 515 is OPEN Check our ports page for more info on TCP:515 We have no specific hints for this port number just yet. We are monitoring results though, and we add advice for port numbers that come up frequently. TCP 6000 is OPEN Check our ports page for more info on TCP:6000 We have no specific hints for this port number just yet. We are monitoring results though, and we add advice for port numbers that come up frequently. ALL UDP FILTERED No response (open or closed) to an open request was received. Is this something to be concerned about? And if so, any suggestions? Quote Link to comment Share on other sites More sharing options...
linux_learner Posted November 13, 2003 Report Share Posted November 13, 2003 unless your running a server, all your ports should be "closed". arno's firewall is a good script that will easily acomplish that. if you dont like scripts, there guarddog, and many other front end (gui) firewalls. kde has one out now. investing in a router might not be a bad idea, since routers can be used as hardware firewalls, and are easily configured. check out ip aliasing, ip masquerading, port forwarding, and iptables. learn these. learn what they are and how to use them. disable services you dont need. port 6000 i believe is X. you can disable that, with out disabling X. tell X "tcp-no listen" or something like that. think of it this way, ports are ways to get into your system. you want them blocked. you want to be able to surf and such, but dont want to be vulnerable. with firewalling there are 3 rules. accept, reject, and drop. drop is like stealth. the information is sent to you, but the sender doesnt know you received it. reject is where you send information to the sender letting them know you are refusing. Quote Link to comment Share on other sites More sharing options...
Guest Phat Penguin Posted November 13, 2003 Report Share Posted November 13, 2003 Port 111 - sunrpc port Port 515 - printer port Port 6000 - X11 Server I can see no real good reason to have these open to the world, my suggestion is to close them down to the outside. A skilled attacker could exploit these services if they are not patched and/or a new vulnerability is found. As for having these open to the world, Concern - yes, Panic - not just yet :) Its a while since I used Mandrake and I assume you are using Mandrake, from the Mandrake mail list archives I found ... Add the following to /etc/security/msec/level.local: from mseclib import * allow_x_connections(NONE, no) or open /usr/X11R6/bin/startx and add "-nolisten tcp" to DEFAULTCLIENTARGS and DEFAULTSERVERARGS should add a permanent fix for the Port 6000 problem, (if having a remote connection to your X Session is a problem of course) and firewalling off the other two ports should lock things down. For the time being, unless the sunrpc or printer services are required .... go to the Control Center > Services (I think from memory) and turn them off .... then scan again and see how you go. Mine from DSLreports PORT SCAN: "Conclusion: Healthy Setup! We could detect nothing interesting on any of the default ports on your IP address. Your computer appears to be a hard target. Well done!" -- got to be fairly happy with that result. Quote Link to comment Share on other sites More sharing options...
tyme Posted November 13, 2003 Report Share Posted November 13, 2003 If you are in mandrake you can just go into the mandrake control center and turn on the firewall utility (it's under networking). it should take care of closing these ports off. the X11 port is something you DEFINITELY do not want open to the world. sunrpc isn't a huge deal, but better safe than sorry. i don't know much about the printer port, but i'm sure you don't want people printing random things off ;) Quote Link to comment Share on other sites More sharing options...
WilliamS Posted November 13, 2003 Author Report Share Posted November 13, 2003 linux_learner jogged my memory - last time I installed Mandrake webmin was installed. So I did urpme to it, and now port scan shows nothing open. Thanks for your replies. I have some learning to do about ports. :D Quote Link to comment Share on other sites More sharing options...
Michel Posted November 13, 2003 Report Share Posted November 13, 2003 For knowing which programs use which ports and for what certain ports are used for..I recommend pcflank. For knowing which application use which ports....: apps-ports Hope this is of some help... Quote Link to comment Share on other sites More sharing options...
WilliamS Posted November 16, 2003 Author Report Share Posted November 16, 2003 urpme webmin didn't fix the problem permanently, but guarddog did. :D Didn't understand the Mandrake firewall utility. Passes both dslreports and shieldsup tests.B) More to learn now... Thanks all. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.