Cory Petkovsek wrote:
> Nmap is a great tool to see what is open.
> Saint/Satan do not secure anything, they are only analysis tools.
>
> Get nmap (www.insecure.org). Run it on yourself:
> nmap -v 127.0.0.1
> This will show you something like:
> Port State Service
> 21 open ftp
> 23 open telnet
> 80 open http
> 31337 open Elite
You can get the same info from netstat, which is already installed.
% netstat -a --inet
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:8000 *:* LISTEN
tcp 0 0 *:afpovertcp *:* LISTEN
tcp 0 0 *:6000 *:* LISTEN
That says I'm running an HTTP proxy for localhost only, an AFP
(AppleTalk Filing Protocol(?)) server, and an X server. (I deleted
more entries; those three are enough to demonstrate.)
To map ports to processes, use lsof (list open files), which is
probably also installed.
# lsof -i | grep afp
afpd 879 root 0u inet 1096 TCP *:afpovertcp (LISTEN)
Run lsof as root; it doesn't let ordinary users see processes they
don't own. You can run netstat as any user.
Satan/Saint are useful if you're a network administrator and you need
to check the security of a bunch of machines. But nmap works well in
that case too.
Has anybody read Bruce Schneier's new book, Secrets and Lies? I
bought it, but haven't had much reading time lately.
--
K<bob>
[EMAIL PROTECTED], http://www.jogger-egg.com/
