Try stripping out yer rc.d files, comment out all unnecessary services
that start on reboot, /etc/inetd.conf does not control everything. Also,
make sure you block things from the outside interface that you need to
start for the local net but do not want others from the outside to play
on.
thanks,
Ron DuFresne
On Wed, 12 Apr 2000, André Bell wrote:
> Ok, so now I know to close these unnecessary ports. Problem now is nmap
> says I still have a ton of ports open, but when I type '/sbin/ipchains -L
> -n' ipchains shows many of these very same ports set to deny as I set up.
>
> Why do the ports still show up as open in nmap when ipchains indicates they
> should be otherwise? How do I REALLY close these ports? I already
> commented out absolutely everything in inetd.conf with exception to the
> authentication line and then rebooted. Nothing else in inetd.conf is
> without a leading '#' sign. Still several services like finger, telnet, and
> others show as open to nmap -- and yes I can actually run telnet despite
> commenting it out :(
>
> What else should I look for that will make sure these ports are closed?
>
> Thanks!
>
> Andre
>
> +++++++
>
> If it will help, here is one set of rules for my firewall and also the
> complete listing of which ports nmap shows as open:
>
> A) # pmfirewall.rules.2 - used by pmfirewall package
> #
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 80 -j ACCEPT
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 113 -j REJECT
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 119 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1045 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1080 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1524 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 2000 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 2005 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 3128 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 5742 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6000 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6667 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 20034 -j DENY
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 40421 -j DENY
>
>
> B) Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
> Interesting ports on xxxxxxxxxx
> Port State Protocol Service
> 1 open tcp tcpmux
> 11 open tcp systat
> 15 open tcp netstat
> 25 open tcp smtp
> 79 open tcp finger
> 80 open tcp http
> 111 open tcp sunrpc
> 113 open tcp auth
> 119 open tcp nntp
> 143 open tcp imap2
> 515 open tcp printer
> 540 open tcp uucp
> 635 open tcp unknown
> 1080 open tcp socks
> 1524 open tcp ingreslock
> 2000 open tcp callbook
> 2005 open tcp deslogin
> 3128 open tcp squid-http
> 6667 open tcp irc
> 12345 open tcp NetBus
> 12346 open tcp NetBus
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
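As an added illustration (not part of this thread, and not code from the pmfirewall package), the following POSIX shell script does the comparison Ron's advice implies: list what is actually listening on the box, separate the sockets bound only to loopback from those reachable on a real interface, and report the externally reachable listeners that no DENY/REJECT rule in the pmfirewall-style rule set covers. The netstat lines and the ipchains rules below are constructed samples in the same shape as the poster's output, not captured from any host; on a real system you would feed it `netstat -tln` and the rules file instead. Note that rules written as `-s $REMOTENET -d $OUTERNET` only match packets arriving from the remote network, so an nmap run on the host itself or from the LAN never hits them and reports the port open regardless; the fix for those ports is to stop the service, which is what the listener list is for.

```shell
#!/bin/sh
# Constructed sample in "netstat -tln" format (not output from the poster's host).
LISTEN_SAMPLE='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:79 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6667 0.0.0.0:* LISTEN'

# Constructed sample in pmfirewall.rules style (assumed shape, $VARS left unexpanded).
RULES_SAMPLE='$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 80 -j ACCEPT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 113 -j REJECT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 3128 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6667 -j DENY'

# listening_ports: every TCP port in LISTEN state on stdin, one per line, numeric order.
listening_ports() {
  awk '$NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -n -u
}

# external_listeners: like listening_ports, but skips sockets bound only to 127.x
# (those are not reachable from another machine, even though a local scan sees them).
external_listeners() {
  awk '$NF == "LISTEN" && $4 !~ /^127\./ { n = split($4, a, ":"); print a[n] }' | sort -n -u
}

# blocked_ports: destination ports of every DENY or REJECT rule on stdin.
blocked_ports() {
  awk '$NF == "DENY" || $NF == "REJECT" {
         for (i = 1; i <= NF; i++) if ($i == "-d") print $(i + 2)
       }' | sort -n -u
}

# unfiltered_listeners NETSTAT_TEXT RULES_TEXT
# Prints, space-separated, the externally reachable listening ports that have
# no DENY/REJECT rule. Blocked ports are fed to awk first (tagged B) so the
# lookup table is complete before the listener lines (tagged L) are checked.
unfiltered_listeners() {
  {
    printf '%s\n' "$2" | blocked_ports | sed 's/^/B /'
    printf '%s\n' "$1" | external_listeners | sed 's/^/L /'
  } | awk '$1 == "B" { blocked[$2] = 1; next }
           $1 == "L" && !($2 in blocked) { printf "%s%s", sep, $2; sep = " " }
           END { print "" }'
}

# Report for the constructed samples; on a live box use:
#   unfiltered_listeners "$(netstat -tln)" "$(cat /etc/pmfirewall.rules.2)"
echo "externally reachable listeners with no DENY/REJECT rule:"
unfiltered_listeners "$LISTEN_SAMPLE" "$RULES_SAMPLE"
```

Each port the script reports corresponds to a daemon started from rc.d (or still in inetd.conf) that is reachable from outside and not filtered; the remedy is to disable that service rather than to add yet another rule, since a rule scoped to the outside network still leaves the port open to the local net.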