[Gllug] Port filtering question
general_email at technicalbloke.com
general_email at technicalbloke.com
Sun Oct 10 20:34:21 UTC 2010
On 01/10/10 16:53, salsaman at xs4all.nl wrote:
> On Fri, October 1, 2010 17:14, Tethys wrote:
>
>> --------
>>
>> salsaman at xs4all.nl writes:
>>
>>
>>> 1) netstat -an shows the following ports listening:
>>>
>>> tcp 0 0 0.0.0.0:81 0.0.0.0:*
>>> LISTEN
>>> tcp 0 0 0.0.0.0:22 0.0.0.0:*
>>> LISTEN
>>> tcp 0 0 0.0.0.0:631 0.0.0.0:*
>>> LISTEN
>>> tcp 0 0 127.0.0.1:44125 0.0.0.0:*
>>> LISTEN
>>> tcp 0 0 0.0.0.0:8000 0.0.0.0:*
>>> LISTEN
>>> tcp 0 0 0.0.0.0:8001 0.0.0.0:*
>>> LISTEN
>>> tcp 0 0 127.0.0.1:49220 0.0.0.0:*
>>> LISTEN
>>>
>>> 81 is apache (I will explain why not 80 below), 22 is ssh and 631 is
>>> cupsd.
>>>
>>> However I have no idea what is running on the other ports.
>>>
>> netstat -ntlp (as root) will tell you
>>
>>
>>> 2) my external IP address is currently 186.212.103.8.
>>> nmap shows:
>>> PORT STATE SERVICE
>>> 80/tcp open http
>>> 1863/tcp open msnp
>>> 1864/tcp open paradym-31
>>> 4443/tcp open pharos
>>> 5190/tcp open aol
>>> 5566/tcp open unknown
>>> 49152/tcp open unknown
>>>
>>> now as far as I know I am not running anything on any of the ports shown.
>>>
>> If that's still your IP address, you have a hell of a lot more than that
>> open.
>>
>>
>>> Any suggestions greatfully received....
>>>
>> Don't trust the router. Get iptables set up on your box, and block
>> everything except the traffic you want to be allowing through.
>>
>> Tet
>> --
>> Gllug mailing list - Gllug at gllug.org.uk
>> http://lists.gllug.org.uk/mailman/listinfo/gllug
>>
>>
>>
>
>
> OK, thanks for all the info.
>
> Can anybody see:
>
> http://187.113.98.222/index.html ?
>
>
>
> Salsaman.
>
>
>
>
nope. Sunday ~ 9:30pm
:(
Roger.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list