On 18 Feb 2003, Marvin Pascual wrote:

> On Mon, 2003-02-17 at 16:10, Allen Umlas wrote:
> > Fellow Pluggers,
> >          I have twice been hacked by someone outside my network. What
> > port do crackers usually enter the system through? What are the things that
> > hackers usually do? I used ipchains as my firewall but it is useless. How can I check
> > my server and block those ports that are common to hackers... I hope I can
> > gain more answers here.
>
> Ian Sison gave me this command to check the open ports.
>
> # chkconfig --list
>
> All entries with "on" status are the running ports/services.  You need to set the
> unnecessary ports/services that you don't need to "off".
>
> To check the running ports/services on runlevel 3:
>
> # chkconfig --list | grep 3:on
>

Well.. not exactly open ports, but programs that run on startup.  These
may include non-daemon programs like 'rawdevices' or 'kudzu' or 'keytable',
some of which to me are superfluous programs.  Red Hat installs a lot of
these programs to startup by default, and the best rule is to strip it
down to the basic set of three (listed below) and one by one enable ONLY
the ones that you will be needing for your service.


In general all I keep running after a distro install is:

1. ssh
2. crond
3. syslogd

which ends up with a system with only port 22 open.  I could further limit
that open port via an iptables input filter to accept connections from
only one IP.

To know what programs are running / listening for IP port connections, I
do any one of the following:

netstat -nap | grep LISTEN
socklist
nmap

I'd suggest also some other programs such as

nessus (from another machine)
chkrootkit

which are necessary if you want to see if there are trojans listening on
other ports.

Ian
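
Added example, not part of the original message: one way to turn the `netstat -nap | grep LISTEN` check above into a repeatable audit is to compare the TCP listeners against the ports you intend to keep open (only 22 in the setup described). The function name `unexpected_listeners` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not on an allowlist of ports.

# Constructed sample in the layout printed by `netstat -nap` (not real output).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      480/portmap
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      701/sendmail: accep
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      -
tcp        0      0 10.0.0.5:22             10.0.0.9:40112          ESTABLISHED 905/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      612/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           455/dhclient'

# unexpected_listeners "22 ..." < netstat-output
# Prints "port scope owner" for each TCP LISTEN socket whose port is not allowed.
#   scope: "local" if bound to loopback only, otherwise "exposed"
#   owner: PID/program as shown by netstat, or "unknown" when netstat shows "-"
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port follows the last colon, for IPv4 and IPv6 addresses alike.
            k = split($4, a, ":"); port = a[k]
            if (port in ok) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            scope = (addr ~ /^127\./ || addr == "::1") ? "local" : "exposed"
            # The program column can contain spaces, so rejoin fields 7..NF.
            owner = $7
            for (i = 8; i <= NF; i++) owner = owner " " $i
            if (owner == "-") owner = "unknown"
            print port, scope, owner
        }'
}

# Demonstration on the constructed sample; on a live host, run as root:
#   netstat -nap | unexpected_listeners "22"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22"
```

A listener reported with owner "unknown" is one netstat could not tie to a process, which is where a follow-up with chkrootkit or an external scan is most useful.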



Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph