Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???

From: Chuck Swiger (chuck_at_codefab.com)
Date: 07/22/04

  • Next message: R. DuFresne: "Re: [fw-wiz] iso 17799" 
    To: servie_platon@yahoo.com
Date: Wed, 21 Jul 2004 23:07:18 -0400

    InHisGrip wrote:
    [ ... ]

    To answer the subject, rumor has it that port 37628 is used by the nfslock
    service on some common Linux platforms (ie, Redhat). It's probably that or
    some other RPC-based service, considering that port 111 also open.

    Although it is possible something bad is using that port, I'd start by
    checking which services you have enabled. It would have helped if you had
    mentioned which version and distribution of Linux you are running, BTW.

    > Oh, by the way, just wanted to make sure because I
    > have placed the web server in a DMZ port and zone
    > from my linksys router and I think but not sure that
    > I am being shielded and protected atleast?

    Probably not, actually: a machine in the DMZ does not have the firewall rules
    protecting it, the router just forwards traffic to the DMZ host as-is.

    There are plenty of tools which will do a port scan of your network from
    outside: try using one.

    > Likewise, I have enabled advanced firewall protection on my
    > linksys router.

    I think that means you've got a stateful NAT firewall going. It's certainly
    useful and functional, but offers no protection for the DMZ host. Use
    specific port forwarding rules instead of the DMZ if you want to improve your
    security, and/or lockdown unneeded services on your Linux box. 

    -- 
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: R. DuFresne: "Re: [fw-wiz] iso 17799"

    Relevant Pages

    • RE: seeking a better understanding
      ... were to breach that port, could they do more than deface my website? ... or do I need a middle box running some form of firewall ... Other boxes are Linux. ... use on a linux machine, and do the spot trojans as the MS ones do? ...
      (Security-Basics)
    • Re: Firewall/VPN
      ... > the ones that are DMZ capable. ... They actually have an extra Port called ... > the D-link regurdless of having as much features or even more seems to ... Most firewall devices can sense an attack ...
      (comp.security.firewalls)
    • RE: seeking a better understanding
      ... Good and ideal security should encourage you to use a dual- barrel ... non known port, NBT, known trojan, etc... ... or do I need a middle box running some form of firewall ... Other boxes are Linux. ...
      (Security-Basics)
    • [UNIX] Linux Kernel IP Masquerading Vulnerability
      ... Linux Kernel IP Masquerading Vulnerability ... firewall as being a legitimate, ... The attacker should listen on TCP port 6667 on the specified remote host ...
      (Securiteam)
    • Re: OWA connectivity
      ... If you're using PIX on your first firewall and use Checkpoint on ... opened and hosts to which they must be opened between the DMZ and Intranet ... First though I'd like to admit I made a mistake in talking about SMTP port ... Whether or not you use a proxy server in this setup is up to ...
      (microsoft.public.exchange.admin)