Hi Simon, > I have run a portscan from outside the box now and these are the results. > (Took me long enough...) > > xxx.xx.xx.xxx :13782 - bpcd -- open > xxx.xx.xx.xxx :13722 - bpjava-msvc -- open
the above two are for Veritas. > xxx.xx.xx.xxx :3306 - mysql -- open MySQL, as it says. > xxx.xx.xx.xxx :3001 - nessusd -- open > xxx.xx.xx.xxx :3000 - hbci -- open Chili!Soft ASP > xxx.xx.xx.xxx :444 - snpp -- open > xxx.xx.xx.xxx :81 - hosts2-ns -- open > xxx.xx.xx.xxx :80 - http -- open The above three are for HTTP and Admin interface. > xxx.xx.xx.xxx :143 - imap -- open > xxx.xx.xx.xxx :110 - pop-3 -- open > xxx.xx.xx.xxx :25 - smtp -- open Above three are for Email, as it says. > xxx.xx.xx.xxx :53 - domain -- open DNS > xxx.xx.xx.xxx :21 - ftp -- open FTP, as it says. > xxx.xx.xx.xxx :52 - xns-time -- open NOT (!!) normal. I'd inspect that one closer. Also, check if all of the above other services are enabled in your Admin interface. For instance: If your "Services" tab in the admin interface says, ASP is not activated, but you have ports 3001 and 3000 open, then this mismatch should cause concerns. Port 52 defenitely is suspicious. I wouldn't wonder if that's a hidden SSH daemon or other method of entry for unfriendly visitors. I do this stuff for a living and I could (free of charge) take an inside look at your machine and let you know what I find. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
