RE: Stumped - ports still open...

Fri, 14 Apr 2000 09:45:40 -0700 

Login as root, then issue this command.

netstat -vpnl

See what's open with that.  That should show you what is listening on all
your ports. :)  

-----Original Message-----
From: Andr� Bell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 12, 2000 3:00 AM
To: [EMAIL PROTECTED]
Subject: Stumped - ports still open...


Ok, so now I know to close these unnecessary ports. Problem now is nmap
says I still have a ton of ports open, but when I type '/sbin/ipchains -L
-n' ipchains shows many of these very same ports set to deny as I setup.  

Why do the ports still show up as open in nmap when ipchains indicates they
should be otherwise?  How do I REALLY close these ports? I already
commented out absolutely everything in inetd.conf with exception to the
authentication line and then rebooted. Nothing else in inetd.conf is
without a leading '#' sign. Still several services like finger, telnet, and
others show as open to nmap -- and yes I can actually run telnet despite
commenting it out :(

What else should I look for that will make sure these ports are closed?

Thanks!

Andre

+++++++

If it will help here are one set of rules for my firewall and also the
complete listing of which ports nmap show as open:

A) # pmfirewall.rules.2 - used by pmfirewall package
#
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 80 -j ACCEPT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 113 -j REJECT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 119  -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1045 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1080 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1524 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 2000 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 2005 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 3128 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 5742 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6000 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 6667 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 20034 -j DENY
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 40421 -j DENY


B) Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Interesting ports on xxxxxxxxxx
Port    State       Protocol  Service
1       open        tcp        tcpmux          
11      open        tcp        systat          
15      open        tcp        netstat         
25      open        tcp        smtp            
79      open        tcp        finger          
80      open        tcp        http            
111     open        tcp        sunrpc          
113     open        tcp        auth            
119     open        tcp        nntp            
143     open        tcp        imap2           
515     open        tcp        printer         
540     open        tcp        uucp            
635     open        tcp        unknown         
1080    open        tcp        socks           
1524    open        tcp        ingreslock      
2000    open        tcp        callbook        
2005    open        tcp        deslogin        
3128    open        tcp        squid-http      
6667    open        tcp        irc             
12345   open        tcp        NetBus          
12346   open        tcp        NetBus          


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to