On Wed, Sep 04, 2002 at 06:05:52PM +0800, Ian Perez wrote:
> > Hi! can anyone tell me how to close the ff port. i did an nmap and this
> > came up:
> >
> > 32774/tcp open sometimes-rpc11
> >
> > looks like trouble :)
>
> netfilter?
>
> iptables -A INPUT -s 0/0 -p TCP --dport 32774 -j DROP
>
> or
>
> ipchains -A input -s 0/0 -p TCP -d 32774 -j REJECT

Uhh... not quite perfect, IMHO. Go to the root of the problem, and shut
down the daemon if it's not needed. If it has to stay up, but should not
be accessible to the outside world, that's the only time you do "crutch
work" using the firewall software. See Ian Sison's post[1] for more
details.

[1] http://marc.free.net.ph/message/Pine.LNX.4.33L2.0208312323250.21850-100000%40jeprox.qsr.com.ph.html

To find out which process is listening on port 32774:

    # netstat -lnp | grep 32774

Find out what it is. It's probably related to NFS, and if my memory
serves me right, the port number changes on every daemon reload.
Hopefully this program understands tcpwrappers, in which case
/etc/hosts.{allow,deny} should tell it whether or not to entertain
messages from outside.

What I've found to help, aside from this fundamental task of only running
secure daemons and running them properly configured, is to use IPTables
(or probably ipchains) to do a deny-by-default. Documentation on this
exists in the netfilter site. This allows me to cover up for daemons that
change ports on every reload, especially those related to NFS, only
having open the ports that I know I need to keep open.

I can't go without stressing that each of these (reachable-from-outside)
programs must be checked regularly to ensure that they do not have
unpatched known exploits.

 --> Jijo

-- 
Federico Sevilla III  : http://jijo.free.net.ph
Network Administrator : The Leather Collection, Inc.
GnuPG Key ID          : 0x93B746BE
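
Added example, not part of the original message: a way to turn the `netstat -lnp` check above into a recurring audit that reports every TCP/UDP listener reachable from outside whose port is not on the list you mean to keep open. The sample output, the program names in it, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `netstat -lnp` output against an allowlist of ports.

# Constructed sample of `netstat -lnp` output (not taken from the post).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      812/master
tcp        0      0 0.0.0.0:32774           0.0.0.0:*               LISTEN      612/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           540/portmap
Active UNIX domain sockets (only servers)
unix  2      [ ACC ]     STREAM     LISTENING     1432     701/sshd    /tmp/sample.sock
EOF
}

# unexpected_listeners "PORT PORT ..." < netstat-output
# Prints "proto port pid/program" for every TCP/UDP listener that is bound to
# a non-loopback address and whose port is not in the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)/ { next }          # skip headers and UNIX sockets
        {
            port = $4; sub(/.*:/, "", port)  # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") next   # local only
            if (port in ok) next                              # intended to be open
            # UDP rows have no State column, so the owner is one field earlier
            owner = ($1 ~ /^tcp/) ? $7 : $6
            print $1, port, owner
        }'
}

# Ports this hypothetical host is meant to expose: ssh only.
sample_netstat | unexpected_listeners "22"
```

On a live host, run `netstat -lnp | unexpected_listeners "22"` as root so the PID/Program column is filled in; anything it prints is either a daemon to shut down or a port that the deny-by-default rules must keep covered.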
