On Sun, Apr 29, 2001 at 11:38:25AM -0700, Michael Earls wrote:
> that was great info, but i do not need to masq any ips, i just need to
> limit the ports being open, i have edited inetd.conf, but there were some
> ports not listed in there. here is a port scan on my box,
>
> [EMAIL PROTECTED] mearls]# nmap -sS -sU vermeer
>
> Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
> Interesting ports on vermeer.michaelearls.com (207.86.78.22):
> (The 3092 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 69/udp     filtered    tftp
> 80/tcp     open        http
> 111/tcp    open        sunrpc
> 111/udp    open        sunrpc
> 138/udp    open        netbios-dgm
> 515/tcp    open        printer
> 517/udp    open        talk
> 1024/tcp   open        kdm
> 1025/udp   open        blackjack
> 1026/udp   open        unknown
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 1709 seconds
>
> from port 111 to 1026. I only need the first ones open, does your ipchain
> script do that without trying to masq or what do i need to change to fix
> that.

Yes, you can filter without masq, and you should in your situation, but you
should also learn what services your box is running and how to shut them
down. You have a web server, portmap, etc. running. If you aren't using
those at this time there really isn't a reason to run them.

I sent either you or another person on the list instructions on how to do
so using portmap as an example. You can do the same thing with many other
services. If you didn't see my post or didn't understand or I messed up
somewhere, post back and let me know.

kent

--
From seeing and seeing the seeing has become so exhausted
     First line of "The Panther" - R. M. Rilke
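
An added example, not part of either message in this thread: a small audit that parses the port table from the quoted nmap run and lists every open port outside the set the poster wants to keep, which is the list of services to shut down or filter. The WANTED set is an assumption about what "the first ones" means.

```python
import re

# Port table copied from the nmap run quoted in this thread.
SCAN = """\
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
69/udp     filtered    tftp
80/tcp     open        http
111/tcp    open        sunrpc
111/udp    open        sunrpc
138/udp    open        netbios-dgm
515/tcp    open        printer
517/udp    open        talk
1024/tcp   open        kdm
1025/udp   open        blackjack
1026/udp   open        unknown
"""

# Assumption: "the first ones" are the open tcp services listed before port 111.
WANTED = {(21, "tcp"), (22, "tcp"), (25, "tcp"), (80, "tcp")}

# One table row: "<port>/<proto> <state> <service>"; the header line does not match.
ROW = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_scan(text):
    """Return (port, proto, state, service) for each row of an nmap port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def audit(rows, wanted):
    """Return (open ports not in wanted, wanted ports that are not open)."""
    # Only "open" counts as exposed; "filtered" rows are already blocked.
    open_ports = {(p, proto): svc for p, proto, state, svc in rows if state == "open"}
    unwanted = sorted(k + (svc,) for k, svc in open_ports.items() if k not in wanted)
    missing = sorted(wanted - set(open_ports))
    return unwanted, missing

if __name__ == "__main__":
    unwanted, missing = audit(parse_scan(SCAN), WANTED)
    for port, proto, svc in unwanted:
        print(f"{port}/{proto} ({svc}): open, not wanted; stop the service or filter it")
    for port, proto in missing:
        print(f"{port}/{proto}: wanted but not open")
```

Re-running the same scan after disabling services and feeding the new table to this audit shows whether anything unexpected is still listening.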