Re: Open ports..

From: Craig Sanders (no email)
Date: Wed Oct 01 2003 - 21:59:31 EDT


On Wed, Oct 01, 2003 at 10:36:48AM +0200, Sascha Lucas wrote:
> Hi Patrick,
>
> BTW: you can identify the process that's listening on TCP/IP port
>
> 1. (Wietse wrote it before)
>
> Use "netstat -nl --inet" to see what ports are listening (if you use
> nmap like before, it is possible that you see not really what's on your
> machine. you see what your iprules do)

or run "netstat -l --inet -p" to see which programs are listening on
which ports.

e.g. on one of my web servers:

# netstat -l --inet -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:time *:* LISTEN 17736/inetd
tcp 0 0 *:rsync *:* LISTEN 17736/inetd
tcp 0 0 *:discard *:* LISTEN 17736/inetd
tcp 0 0 *:daytime *:* LISTEN 17736/inetd
tcp 0 0 *:www *:* LISTEN 19930/apache
tcp 0 0 *:auth *:* LISTEN 17736/inetd
tcp 0 0 *:ftp *:* LISTEN 20282/proftpd: (acc
tcp 0 0 *:ssh *:* LISTEN 19911/sshd
tcp 0 0 *:telnet *:* LISTEN 17736/inetd
tcp 0 0 *:postgresql *:* LISTEN 614/postmaster
tcp 0 0 *:smtp *:* LISTEN 20641/master
tcp 0 0 *:https *:* LISTEN 19930/apache
udp 0 0 *:discard *:* 17736/inetd
udp 0 0 localhost:domain *:* 658/maradns
udp 0 0 *:amanda *:* 17736/inetd

it is worth running this on all your machines and making note of exactly what
is running on them and why. if you don't know why a service is running, then
it is a good idea to disable it until you do, and until you've eliminated it as
a potential security hole. i.e. run only what you need AND understand.

craig

PS: yes, i know that telnet is evil...but this is telnetd-ssl and is configured
to allow only ssl-encrypted telnet connections and only from a small list of
known clients. it is there as another way to access the machine in case ssh
ever dies (which used to happen occasionally years ago, but hasn't happened for
ages). there are also firewall rules on the host itself and on the border
routers blocking telnet from unauthorised locations (ditto for other services
like postgresql and ssh). i.e. there are multiple levels of protection against
exploitation of potentially dangerous services.
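As an added example (not from Craig's post, and not code from netstat or any other tool mentioned here), the following POSIX shell script does what the post recommends in a repeatable way: it parses "netstat -l --inet -p" output into one "proto port program" line per listener, then flags every listener that is not on a hand-vetted list of services the administrator needs and understands. The sample listing is the one from the post, embedded as a constructed string so the script runs offline; the EXPECTED list is an assumed example of such a vetted list, not a recommendation about which of Craig's services are safe.

```shell
#!/bin/sh
# Added example: inventory listening sockets from "netstat -l --inet -p"
# output and flag anything not on an expected list.

# Constructed sample: the listing quoted in the post, so the script runs
# without root and without netstat installed.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:time *:* LISTEN 17736/inetd
tcp 0 0 *:rsync *:* LISTEN 17736/inetd
tcp 0 0 *:discard *:* LISTEN 17736/inetd
tcp 0 0 *:daytime *:* LISTEN 17736/inetd
tcp 0 0 *:www *:* LISTEN 19930/apache
tcp 0 0 *:auth *:* LISTEN 17736/inetd
tcp 0 0 *:ftp *:* LISTEN 20282/proftpd: (acc
tcp 0 0 *:ssh *:* LISTEN 19911/sshd
tcp 0 0 *:telnet *:* LISTEN 17736/inetd
tcp 0 0 *:postgresql *:* LISTEN 614/postmaster
tcp 0 0 *:smtp *:* LISTEN 20641/master
tcp 0 0 *:https *:* LISTEN 19930/apache
udp 0 0 *:discard *:* 17736/inetd
udp 0 0 localhost:domain *:* 658/maradns
udp 0 0 *:amanda *:* 17736/inetd'

# Assumed example of a vetted list: one "proto port program" entry per line,
# written by the administrator for services that are needed AND understood.
EXPECTED='tcp www apache
tcp https apache
tcp ssh sshd
tcp smtp master
udp domain maradns'

# Read netstat output on stdin; print "proto port program" per listener.
# tcp rows carry a State column and udp rows do not, so the program name is
# located by its "pid/name" shape at the end of the line rather than by
# field number.
inventory_listeners() {
    awk '
        $1 == "tcp" || $1 == "udp" {
            n = split($4, a, ":")          # Local Address is addr:port
            port = a[n]
            match($0, /[0-9]+\/.*$/)       # trailing "PID/Program name"
            pidprog = substr($0, RSTART)
            sub(/^[0-9]+\//, "", pidprog)  # drop the pid, keep the name
            print $1, port, pidprog
        }'
}

# Read the inventory on stdin; print each listener absent from the list
# given as the first argument. Exact, fixed-string line matching keeps
# "proftpd: (acc" style names from being treated as a regex.
unexpected_listeners() {
    expected="$1"
    while read -r proto port prog; do
        printf '%s\n' "$expected" | grep -qxF "$proto $port $prog" \
            || printf 'UNEXPECTED: %s %s %s\n' "$proto" "$port" "$prog"
    done
}

# Usage: on a live host replace the sample with the real command, e.g.
#   netstat -l --inet -p | inventory_listeners | unexpected_listeners "$EXPECTED"
printf '%s\n' "$SAMPLE_NETSTAT" | inventory_listeners | unexpected_listeners "$EXPECTED"
```

Two practical caveats: netstat only shows PID/Program name for sockets owned by processes you may inspect, so run it as root or the column stays empty; and on current Linux systems where netstat is absent, "ss -lntup" gives the same information (with a different column layout, so the awk above would need adjusting).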
