Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???

From: Chuck Swiger (chuck_at_codefab.com)
Date: 07/22/04

  • Next message: R. DuFresne: "Re: [fw-wiz] iso 17799"
    To: servie_platon@yahoo.com
    Date: Wed, 21 Jul 2004 23:07:18 -0400
    
    

    InHisGrip wrote:
    [ ... ]

    To answer the subject, rumor has it that port 37628 is used by the nfslock
    service on some common Linux platforms (ie, Redhat). It's probably that or
    some other RPC-based service, considering that port 111 also open.

    Although it is possible something bad is using that port, I'd start by
    checking which services you have enabled. It would have helped if you had
    mentioned which version and distribution of Linux you are running, BTW.

    > Oh, by the way, just wanted to make sure because I
    > have placed the web server in a DMZ port and zone
    > from my linksys router and I think but not sure that
    > I am being shielded and protected atleast?

    Probably not, actually: a machine in the DMZ does not have the firewall rules
    protecting it, the router just forwards traffic to the DMZ host as-is.

    There are plenty of tools which will do a port scan of your network from
    outside: try using one.

    > Likewise, I have enabled advanced firewall protection on my
    > linksys router.

    I think that means you've got a stateful NAT firewall going. It's certainly
    useful and functional, but offers no protection for the DMZ host. Use
    specific port forwarding rules instead of the DMZ if you want to improve your
    security, and/or lockdown unneeded services on your Linux box.

    -- 
    -Chuck
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: R. DuFresne: "Re: [fw-wiz] iso 17799"

    Relevant Pages

    • RE: seeking a better understanding
      ... were to breach that port, could they do more than deface my website? ... or do I need a middle box running some form of firewall ... Other boxes are Linux. ... use on a linux machine, and do the spot trojans as the MS ones do? ...
      (Security-Basics)
    • Re: seeking a better understanding
      ... > were to breach that port, could they do more than deface my website? ... Other boxes are Linux. ... I know this is a firewall, but I don't think it is like the ... > use on a linux machine, and do the spot trojans as the MS ones do? ...
      (Security-Basics)
    • RE: seeking a better understanding
      ... were to breach that port, could they do more than deface my website? ... or do I need a middle box running some form of firewall ... Other boxes are Linux. ... use on a linux machine, and do the spot trojans as the MS ones do? ...
      (Security-Basics)
    • Re: Firewall/VPN
      ... > the ones that are DMZ capable. ... They actually have an extra Port called ... > the D-link regurdless of having as much features or even more seems to ... Most firewall devices can sense an attack ...
      (comp.security.firewalls)
    • RE: seeking a better understanding
      ... Good and ideal security should encourage you to use a dual- barrel ... non known port, NBT, known trojan, etc... ... or do I need a middle box running some form of firewall ... Other boxes are Linux. ...
      (Security-Basics)