If you're not using sunrpc or lpd, I would turn them off. The way I do it is turn off the services (/etc/init.d/portmap stop; /etc/init.d/lpd stop) and then edit /etc/init.d/lpd and /etc/init.d/portmap and add a line near the top that says "exit 0" (w/o quotes) so that when you restart, they don't come back.
Also, if you don't need telnet, turn that off by commenting out the line starting with "telnet" in the /etc/inetd.conf file. Then restart inetd or send a kill -HUP to it. Additionally, your firewall should filter all incoming tcp connection requests except the ones you want to keep (like ssh, etc). I'm not sure how to do that in iptables, because I use ipchains.

-rishi

On Mon, 10 Sep 2001, Tom Breza wrote:

> Hi
>
> I've been installing a firewall on iptables, and I have a few questions;
> my situation is a bit specific.
> I am connected to the internet something like this:
>
> ----------+       +------------------+
> my network|-------+eth0 Router  ppp0+----+ISP Firewall+------INTERNET
>           |       |with iptables     |
> ----------+       +------------------+
>
> I put the firewall on iptables on the router, a Linux box with Debian,
> but I can scan only via nmap from the inside network or from the router's
> ppp0 interface to see what ports I have open.
>
> But my question is:
>
> When I scan that way, nmap -v -sS -O ppp0 (I give the IP address),
> then I have some ports open;
> should I make them filtered?!
>
> My open ports are:
>
> Service | Port | State
> ----------------------
> ssh     |   22 | Open
> telnet  |   23 | Open
> smtp    |   25 | Open
> domain  |   53 | Open
> pop-3   |  110 | Open
> sunrpc  |  111 | Open
> printer |  515 | Open
> kdm     | 1024 | Open
>
> netstat -anp returns this .....
>
> router:/home/tom# netstat -anp
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      509/rpc.mountd
> tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      491/lpd
> tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      485/inetd
> tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      97/portmap
> tcp        0      0 10.16.34.56:53          0.0.0.0:*               LISTEN      447/named
> tcp        0      0 192.168.253.254:53      0.0.0.0:*               LISTEN      447/named
> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      447/named
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      517/sshd
> tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      485/inetd
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      485/inetd
> tcp        0      0 192.168.253.254:22      192.168.253.20:2209     ESTABLISHED 12226/sshd
> tcp        0      0 192.168.253.254:22      192.168.253.20:1666     ESTABLISHED 2544/sshd
> udp        0      0 0.0.0.0:1024            0.0.0.0:*                           447/named
> udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
> udp        0      0 0.0.0.0:1026            0.0.0.0:*                           -
> udp        0      0 0.0.0.0:1027            0.0.0.0:*                           509/rpc.mountd
> udp        0      0 10.16.34.56:53          0.0.0.0:*                           447/named
> udp        0      0 192.168.253.254:53      0.0.0.0:*                           447/named
> udp        0      0 127.0.0.1:53            0.0.0.0:*                           447/named
> udp        0      0 0.0.0.0:111             0.0.0.0:*                           97/portmap
> Active UNIX domain sockets (servers and established)
> Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
> unix  2      [ ACC ]     STREAM     LISTENING     380    447/named           /var/run/ndc
> unix  6      [ ]         DGRAM                    332    435/syslogd         /dev/log
> unix  2      [ ACC ]     STREAM     LISTENING     546    491/lpd             /dev/printer
> unix  2      [ ]         DGRAM                    781    540/pppd
> unix  2      [ ]         DGRAM                    538    491/lpd
> unix  2      [ ]         DGRAM                    434    460/diald
> unix  2      [ ]         DGRAM                    378    447/named
>
> What should I do? How can I close, for example, lpd?
> Or sunrpc?
> Should I block all these ports by giving a specific IP?
> In the man page for nmap it is written:
> "... Filtered means that a firewall, filter, or
> other network obstacle is covering the port
> and preventing nmap from determining whether
> the port is open."
> If I make them filtered somehow,
> can I still connect to my router via
> ssh? Or another way?
> What is your advice?
>
> Any suggestion will be gratefully received :)
>
> siaraX
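The three steps in the reply above (stop the unneeded daemons, comment the telnet entry out of /etc/inetd.conf, filter inbound connection requests on the external interface) as one runnable shell example. This is added here and is not code from rishi's reply or Tom's post; it assumes the Debian layout the thread shows (an inetd-driven telnet entry in /etc/inetd.conf, ppp0 facing the ISP, iptables with the state match), and the function names and the three-line sample inetd.conf are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the setup described there:
# telnet started from /etc/inetd.conf and ppp0 as the interface facing the ISP.
# Function names are this example's own.

# Comment out every active inetd.conf entry for SERVICE (e.g. telnet).
# Only lines that begin with the service name are touched, so an entry that
# is already commented out is left alone.
# Usage: disable_inetd_service SERVICE [INETD_CONF]
disable_inetd_service() {
    svc="$1"
    conf="${2:-/etc/inetd.conf}"
    sed "s/^\(${svc}[[:space:]]\)/#\1/" "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    # inetd re-reads its config on SIGHUP; on Debian the pid is in /var/run/inetd.pid:
    #   kill -HUP "$(cat /var/run/inetd.pid)"
}

# Print the service names inetd would still start from INETD_CONF:
# the first field of every non-blank, non-comment line.
# Usage: active_inetd_services [INETD_CONF]
active_inetd_services() {
    conf="${1:-/etc/inetd.conf}"
    grep -v '^[[:space:]]*#' "$conf" | awk 'NF { print $1 }'
}

# Print the iptables commands that make the external interface default-deny
# for inbound traffic while keeping the listed TCP ports reachable. They are
# printed rather than run so the rule set can be reviewed first; as root,
#   iptables_input_rules ppp0 22 25 | sh
# applies it. The inside interface (eth0 in the thread) is not touched, so
# the LAN keeps full access to the router.
# Usage: iptables_input_rules EXT_IF TCP_PORT...
iptables_input_rules() {
    ext="$1"; shift
    # Replies to connections the router itself opened (DNS lookups, outbound
    # SMTP, ssh sessions) must still be let in.
    echo "iptables -A INPUT -i $ext -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Explicitly allowed inbound services: only the SYN that opens a connection.
    for p in "$@"; do
        echo "iptables -A INPUT -i $ext -p tcp --syn --dport $p -j ACCEPT"
    done
    # Everything else arriving on the external interface, TCP and UDP alike
    # (the telnet, pop-3, portmap, lpd and mountd listeners from the netstat
    # output), is dropped. DROP is what nmap reports as "filtered"; a REJECT
    # target would show up as "closed" instead.
    echo "iptables -A INPUT -i $ext -j DROP"
}

# Demonstration on a constructed three-line inetd.conf so nothing under /etc
# is modified.
demo() {
    tmp=$(mktemp)
    printf '%s\n' \
        'telnet  stream  tcp  nowait  telnetd.telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd' \
        'pop-3   stream  tcp  nowait  root             /usr/sbin/tcpd  /usr/sbin/in.pop3d' \
        '#finger stream  tcp  nowait  nobody           /usr/sbin/tcpd  /usr/sbin/in.fingerd' \
        > "$tmp"
    echo "before: $(active_inetd_services "$tmp" | tr '\n' ' ')"
    disable_inetd_service telnet "$tmp"
    echo "after:  $(active_inetd_services "$tmp" | tr '\n' ' ')"
    iptables_input_rules ppp0 22 25
    rm -f "$tmp"
}

demo
```

Debian's update-inetd --disable telnet makes the same edit to /etc/inetd.conf. Because the rules match on the ppp0 interface only and port 22 is in the allowed list, ssh keeps working from both the LAN side and the Internet side; every other listener in the netstat output (including the UDP ones for portmap and mountd) answers only the LAN after the rules are loaded.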