Subject: Re: closing network ports
From: Eric Sherrill (sherrill@TI.COM)
Date: Wed Jul 12 2000 - 18:58:49 CDT
- Next message: munch munch: "rootless NIS passwd maps"
- Previous message: Paul B. Henson: "X security"
- In reply to: Derrick Daugherty: "Re: closing network ports"
- Next in thread: Sameer Mohbe: "Re: closing network ports"
- Reply: Eric Sherrill: "Re: closing network ports"
Also don't forget if you're running NIS or NIS+ to check the services maps
(e.g. ypcat -k services) and/or use only "services: files" in your
/etc/nsswitch.conf (I believe that is the default but check anyway). Of
course you probably shouldn't be running either (especially NIS) on an
internet-exposed host IMHO ;-).
-- Eric R. Sherrill, WF Software Systems Engineer Texas Instruments HFAB1 Automation Systems Stafford, TX 77477-3006 281-274-4133

-----Original Message-----
From: Focus on Sun Mailing List [mailto:FOCUS-SUN@SECURITYFOCUS.COM] On Behalf Of Derrick Daugherty
Sent: Wednesday, July 12, 2000 12:03 PM
To: FOCUS-SUN@SECURITYFOCUS.COM
Subject: Re: closing network ports
You can use netstat -a to map back to your /etc/services file and that might give you a clue of what services are running. Most scanners would do a similar lookup. `lsof` will allow you to find out the local pid of the process bound to the socket.
lsof -i tcp:25 will print out all services bound to the smtp port
    $ lsof -i tcp:22
    COMMAND  PID USER  FD TYPE     DEVICE SIZE NODE NAME
    ssh1    4409 root  3u IPv4 1026235888       TCP tachyon.pointone.com:1023->somehost.pointone.com:ssh (ESTABLISHED)
Some versions of fuser will as well (fuser smtp/tcp would show you all processes, etc.).
HTH -D
It's rumored that around Tue, Jul 11, 2000 at 11:57:49PM -0400 Alan Rubin <rubin@EZY.NET> wrote:
> What is the process for closing UDP and TCP ports that are not listened
> for in inetd.conf and other known daemons, but appear to be open after
> doing a network scan? This is on a Sol 2.6 Ultra 10.
>
> Alan Rubin
> rubin@ezy.net
>
> _________________
> *Alan Rubin*
> Sun/Unix/Networking/ISP/Web Writing
> Email:rubin@ezy.net
--
. . .................... .. . .. .................... . .
: Derrick Daugherty .:. 512.381.8952 :
: Point One Telecommunications :
: UNIX/Security Administration ddaugherty@pointone.com :
:..............home is where the console is.................:
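
Added example, not part of the original messages: a small shell audit combining the two checks discussed in this thread, reading which sources nsswitch.conf uses for "services" and mapping listening sockets from netstat output back to a services file. The function names and all sample data are constructed for illustration, and the netstat layout is assumed to resemble Solaris "netstat -an -f inet".

```shell
# Print the lookup sources configured for "services" in an nsswitch.conf file.
services_sources() {
    awk '$1 == "services:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# audit_listeners SERVICES_FILE < netstat-output
# Prints "proto/port name" for each TCP LISTEN or UDP Idle socket; ports
# absent from the services file are reported as UNLISTED.
audit_listeners() {
    awk -v svc="$1" '
        BEGIN {                               # load "name port/proto" entries
            while ((getline line < svc) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f, " ") >= 2) name[f[2]] = f[1]
            }
        }
        $1 ~ /^(TCP|UDP)/ { proto = tolower(substr($1, 1, 3)); next }
        ($NF == "LISTEN" || $NF == "Idle") && $1 ~ /\.[0-9]+$/ {
            port = $1; sub(/.*\./, "", port)  # port follows the last dot
            key = port "/" proto
            svcname = (key in name) ? name[key] : "UNLISTED"
            print proto "/" port, svcname
        }'
}

# Constructed sample data (not taken from the thread).
sample_services() {
    printf '%s\n' 'sunrpc 111/udp rpcbind' 'sunrpc 111/tcp rpcbind' \
        'smtp 25/tcp mail' 'ssh 22/tcp   # Secure Shell'
}
sample_netstat() {   # laid out like Solaris "netstat -an -f inet"
cat <<'EOF'
UDP
   Local Address      State
-------------------- -------
      *.111           Idle
      *.32771         Idle
TCP
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.25                 *.*                0      0     0      0 LISTEN
      *.32772              *.*                0      0     0      0 LISTEN
10.0.0.5.22          10.0.0.9.1023         8760      0  8760      0 ESTABLISHED
EOF
}

tmp=$(mktemp) && sample_services > "$tmp"
sample_netstat | audit_listeners "$tmp"
rm -f "$tmp"
```

An UNLISTED port only means the local services file has no name for it; lsof or fuser, as described above, identifies the owning process.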