[Gllug] nmap
Tom Gilbert
tom at linuxbrit.co.uk
Tue Jan 29 19:26:06 UTC 2002
* harry (postituk at yahoo.com) wrote:
> Hi all
>
> The following is the nmap output from my Debian box. I can see the need for
> ssh, domain, squid-http but I have no idea what some of the others are.
> Sunrpc is used for nfs and I have tried to stop this until such times as I
> need it but have had no joy. I have even tried "rmmod sunrpc" along with nfs
> and lockd. Would this cause any security implications? The only one that
> appeared red was ssh.
>
> 53/tcp open domain

Are you deliberately running public dns? Probably not, so lose it,
otherwise, fer gawds sake chroot it.

> 111/tcp open sunrpc

lose that.

> 139/tcp open netbios-ssn

lose that.

> 515/tcp open printer

and lose that.

For the printer and samba, you can make them listen to only an internal
address. Good luck trying that for sunrpc (the portmapper), that thing
is a massive source of exploits, so I suggest you find a way to lose it.
Either don't run rpc-based services (e.g. an nfs server) on an internet
facing machine, or install a firewall to block those ports - which you
should probably do anyway.

sshd, httpd, fine.

Tom.
--
.^. .-------------------------------------------------------.
/V\ | Tom Gilbert, London, England | http://linuxbrit.co.uk |
/( )\ | Open Source/UNIX consultant | tom at linuxbrit.co.uk |
^^-^^ `-------------------------------------------------------'
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
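
The reply's distinction between a service bound to every interface and one bound only to an internal address can be checked on the host itself. The script below is an added example, not part of the original post: it assumes listener output in the format printed by `ss -tln`, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Ports the reply says to remove or restrict on an internet-facing host:
# 53 domain, 111 sunrpc, 139 netbios-ssn, 515 printer.
WATCHED_PORTS="53 111 139 515"

# audit_listeners: read `ss -tln`-style lines on stdin and print one line per
# watched listening socket in the form "<verdict> <port> <address>".
audit_listeners() {
    awk -v watched="$WATCHED_PORTS" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        $1 == "LISTEN" {
            la = $4
            port = la; sub(/^.*:/, "", port)     # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)  # text before it, e.g. [::]
            if (!(port in want)) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
                verdict = "EXPOSED"              # bound to every interface
            else if (addr ~ /^127\./ || addr == "[::1]")
                verdict = "loopback"             # reachable from this host only
            else
                verdict = "restricted"           # bound to one specific address
            print verdict, port, addr
        }'
}

# Constructed sample input (not output from the poster's machine).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      10     0.0.0.0:53         0.0.0.0:*
LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
LISTEN 0      50     192.168.1.10:139   0.0.0.0:*
LISTEN 0      5      127.0.0.1:515      0.0.0.0:*
LISTEN 0      128    [::]:111           [::]:*
EOF
}

# Live use on a host: ss -tln | audit_listeners
sample_listeners | audit_listeners
```

An `EXPOSED` line for a watched port is a candidate for removal, rebinding or a firewall rule; `restricted` only shows the bind address is specific, so confirm that address is the internal one.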