Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???

From: Chuck Swiger (chuck_at_codefab.com)
Date: 07/22/04

  • Next message: R. DuFresne: "Re: [fw-wiz] iso 17799"
    To: servie_platon@yahoo.com
    Date: Wed, 21 Jul 2004 23:07:18 -0400
    
    

    InHisGrip wrote:
    [ ... ]

    To answer the subject, rumor has it that port 37628 is used by the nfslock
    service on some common Linux platforms (ie, Redhat). It's probably that or
    some other RPC-based service, considering that port 111 also open.

    Although it is possible something bad is using that port, I'd start by
    checking which services you have enabled. It would have helped if you had
    mentioned which version and distribution of Linux you are running, BTW.

    > Oh, by the way, just wanted to make sure because I
    > have placed the web server in a DMZ port and zone
    > from my linksys router and I think but not sure that
    > I am being shielded and protected atleast?

    Probably not, actually: a machine in the DMZ does not have the firewall rules
    protecting it, the router just forwards traffic to the DMZ host as-is.

    There are plenty of tools which will do a port scan of your network from
    outside: try using one.

    > Likewise, I have enabled advanced firewall protection on my
    > linksys router.

    I think that means you've got a stateful NAT firewall going. It's certainly
    useful and functional, but offers no protection for the DMZ host. Use
    specific port forwarding rules instead of the DMZ if you want to improve your
    security, and/or lockdown unneeded services on your Linux box.

    -- 
    -Chuck
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: R. DuFresne: "Re: [fw-wiz] iso 17799"