[Gllug] Port filtering question
Tethys
sta296 at astradyne.co.uk
Fri Oct 1 15:14:31 UTC 2010
--------
salsaman at xs4all.nl writes:
>1) netstat -an shows the following ports listening:
>
>tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
>tcp 0 0 127.0.0.1:44125 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
>tcp 0 0 127.0.0.1:49220 0.0.0.0:* LISTEN
>
>81 is apache (I will explain why not 80 below), 22 is ssh and 631 is cupsd.
>
>However I have no idea what is running on the other ports.
netstat -ntlp (as root) will tell you
>2) my external IP address is currently 186.212.103.8.
>nmap shows:
>PORT STATE SERVICE
>80/tcp open http
>1863/tcp open msnp
>1864/tcp open paradym-31
>4443/tcp open pharos
>5190/tcp open aol
>5566/tcp open unknown
>49152/tcp open unknown
>
>now as far as I know I am not running anything on any of the ports shown.
If that's still your IP address, you have a hell of a lot more than that open.
>Any suggestions greatfully received....
Don't trust the router. Get iptables set up on your box, and block everything except the traffic you want to be allowing through.
Tet
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list