you might want to add up -u in the netstat command to see udp's open ports On Tuesday 18 February 2003 14:52, Ian C. Sison wrote: > On 18 Feb 2003, Marvin Pascual wrote: > > On Mon, 2003-02-17 at 16:10, Allen Umlas wrote: > > > Fellow Pluggers, > > > I encountered twice been hacked by someone outside my network, > > > What port usually crakers entered to system? what are thing usually > > > things that hackers do? I used ipchains as my firewall but it useless. > > > How can i check my server and block those ports that are common to > > > hackers... I hope i can gain more answers here. > > > > Ian Sison gave me this command to check the open ports. > > > > # chkconfig --list > > > > All "on" status are the running ports/services. You need to set the > > unnecessary and you don't need ports/services to "off" > > > > To check the running ports/services on runlevel 3: > > > > # chkconfig --list | grep 3:on > > Well.. not exactly open ports, but programs that run on startup. These > may include non-daemon programs like 'rawdevices' or 'kudzu' or 'keytable' > some of which to me are superflous programs. Redhat installs a lot of > these programs to startup by default, and the best rule is to strip it > down to the basic set of three (listed below) and one by one enable ONLY > the ones that you will be needing for your service. > > > In general all i keep running after a distro install is: > > 1. ssh > 2. crond > 3. syslogd > > which ends up with a system with only port 22 open. I could further limit > that open port via an iptables input filter to accept connections from > only one ip. > > To know what programs are running / listening for IP port connections, i > do any one of the following: > > netstat -nap | grep LISTEN > socklist > nmap > > I'd suggest also some other programs such as > > nessus (from another machine) > chkrootkit > > which are necessary if you want to see if there are trojans listening on > other ports. > > Ian > > > > _ > Philippine Linux Users Group. Web site and archives at > http://plug.linux.org.ph To leave: send "unsubscribe" in the body to > [EMAIL PROTECTED] > > Fully Searchable Archives With Friendly Web Interface at > http://marc.free.net.ph > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to > [EMAIL PROTECTED] > > > This message has been scanned for viruses by WebShield E500!
-- Alben Benavente Alteza Information Systems Security Administration Information Systems Dept./ Philippine Airlines _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
