Remember that scanners such as nmap do not by default scan all possible ports, as that would be quite time consuming. It is a better idea to run portsentry on common ports (check nmap's services file), or you will find yourself with one damn big logfile quite fast.
Erik Tayler

On Wednesday 26 December 2001 10:10 am, Robert Clark wrote:
> Remember that the system has 65536 virtual ports available, so I would
> recommend running portsentry on ALL of the ports.
> Robert Clark
> MCSE, MCP+I, MCP, A+
> MIS - Texas Cellular
>
> > -----Original Message-----
> > From: James Nobles [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, December 20, 2001 10:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: first attempt at security
> >
> > > > Hmmm...I'm trying to set up some security on my box
> > > > having moved from dial-up to DSL. I'm using Red Hat
> > > > 7.1 and I have portsentry running set for ports 1-500 I
> > > > believe? Also a simple set of iptable rules that turns off
> > > > echoing and forwarding. I have edited the /etc/services
> > > > file. Now...when I do netstat -a I get the output
> > > > below. Is this normal? All these tcp ports
> > > > listening doesn't seem right or is it? Thanks in
> > > > advance.
> > > >
> > > > Active Internet connections (servers and established)
> > > > Proto Recv-Q Send-Q Local Address    Foreign Address  State
> > > > tcp        0      0 *:1              *:*              LISTEN
> > > > tcp        0      0 *:20034          *:*              LISTEN
> > > > tcp        0      0 *:printer        *:*              LISTEN
> > > > tcp        0      0 *:32771          *:*              LISTEN
> > > > tcp        0      0 *:32772          *:*              LISTEN
> > > > tcp        0      0 *:40421          *:*              LISTEN
> > > > tcp        0      0 *:32773          *:*              LISTEN
> > > > tcp        0      0 *:32774          *:*              LISTEN
> > > > tcp        0      0 *:31337          *:*              LISTEN
> > > > tcp        0      0 *:6667           *:*              LISTEN
> > > > tcp        0      0 *:11             *:*              LISTEN
> > > > tcp        0      0 *:5742           *:*              LISTEN
> > > > tcp        0      0 *:143            *:*              LISTEN
> > > > tcp        0      0 *:netstat        *:*              LISTEN
> > > > tcp        0      0 *:x11            *:*              LISTEN
> > > > tcp        0      0 *:54320          *:*              LISTEN
> > > > tcp        0      0 *:2000           *:*              LISTEN
> > > > tcp        0      0 *:1524           *:*              LISTEN
> > > >
> > > > tcp        0      0 *:socks          *:*              LISTEN
> > > > tcp        0      0 *:12345          *:*              LISTEN
> > > > tcp        0      0 *:12346          *:*              LISTEN
> > > > tcp        0      0 *:635            *:*              LISTEN
> > > > tcp        0      0 *:49724          *:*              LISTEN
> > > > tcp        0      0 *:uucp           *:*              LISTEN
> > > > udp        0      0 *:640            *:*
> > > > udp        0      0 *:641            *:*
> > > > udp        0      0 *:who            *:*
> > > > udp        0      0 *:1              *:*
> > > > udp        0      0 *:32770          *:*
> > > > udp        0      0 *:32771          *:*
> > > > udp        0      0 *:32772          *:*
> > > > udp        0      0 *:32773          *:*
> > > > udp        0      0 *:32774          *:*
> > > > udp        0      0 *:54321          *:*
> > > > udp        0      0 *:700            *:*
> > > > udp        0      0 *:31337          *:*
> > > > udp        0      0 *:635            *:*
> > > > raw        0      0 *:tcp            *:*              7
> > > > raw        0      0 *:udp            *:*              7
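
In its basic port-bound mode, portsentry opens a listening socket on every port named in TCP_PORTS and UDP_PORTS in portsentry.conf, so a long LISTEN list like the one quoted in this thread can be reconciled against that file to see which listeners portsentry does not account for. The script below is an added example, not part of the original thread or of portsentry; the configuration values, the netstat sample and the small service-name table are constructed for illustration.

```python
import re

# Constructed sample: portsentry.conf fragment (TCP_PORTS/UDP_PORTS are
# portsentry's keys; the port values are made up for this example).
SAMPLE_CONF = '''
TCP_PORTS="1,11,143,6667,12345,31337"
UDP_PORTS="1,513,31337"
'''

# Constructed sample of `netstat -a` output in the layout quoted in the thread.
SAMPLE_NETSTAT = '''\
Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp        0      0 *:1            *:*              LISTEN
tcp        0      0 *:31337        *:*              LISTEN
tcp        0      0 *:printer      *:*              LISTEN
tcp        0      0 *:6667         *:*              LISTEN
udp        0      0 *:who          *:*
udp        0      0 *:700          *:*
'''

# Assumption: standard /etc/services numbers for names netstat prints without -n.
SERVICES = {"printer": 515, "who": 513, "socks": 1080,
            "uucp": 540, "x11": 6000, "netstat": 15}

def configured_ports(conf):
    """Return {'tcp': set, 'udp': set} from uncommented *_PORTS lines."""
    ports = {"tcp": set(), "udp": set()}
    for m in re.finditer(r'^\s*(TCP|UDP)_PORTS="([^"]*)"', conf, re.M):
        ports[m.group(1).lower()] = {int(p) for p in m.group(2).split(",") if p.strip()}
    return ports

def listeners(netstat_text):
    """Return {(proto, port)} for TCP LISTEN sockets and unconnected UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue
        if (f[0] == "tcp" and f[-1] != "LISTEN") or (f[0] == "udp" and f[4] != "*:*"):
            continue
        name = f[3].rsplit(":", 1)[-1]
        port = int(name) if name.isdigit() else SERVICES.get(name, name)
        found.add((f[0], port))
    return found

def unexplained(conf, netstat_text):
    """Listeners that portsentry's configuration does not account for."""
    cfg = configured_ports(conf)
    return sorted((p for p in listeners(netstat_text) if p[1] not in cfg[p[0]]), key=str)

if __name__ == "__main__":
    for proto, port in unexplained(SAMPLE_CONF, SAMPLE_NETSTAT):
        print(f"{proto}/{port}: listening but not in portsentry.conf")
```

Anything the script reports belongs to some other daemon and is worth tracing to its owning process with `netstat -ap` run as root.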