Re: Closing port
From: S. Khademi (khademi@cc.iut.ac.ir)Date: 11/07/02
- Previous message: Chuck Peters: "Re: Editing /etc/passwd as a non-root user"
- In reply to: Damon Brinkley: "Re: Closing port"
- Next in thread: Patrick \: "Re: Closing port"
- Next in thread: S. Khademi: "Re: Closing port"
- Next in thread: Toby Bearden: "Re: Closing port"
- Next in thread: BUNTER MATTHEW: "Re: Keyword Sanitization"
- Reply: Patrick \: "Re: Closing port"
- Reply: Damon Brinkley: "Re: Closing port"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 7 Nov 2002 23:30:08 +0330 (IRT) From: "S. Khademi" <khademi@cc.iut.ac.ir> To: <security-discuss@linuxsecurity.com>
I use ipchains, what command I should add to this file?
On 7 Nov 2002, Damon Brinkley wrote:
> You need to find out what process is listening on that port and stop
> it. Otherwise setup Iptables to block connections to that port.
>
> Damon
>
> On Thu, 2002-11-07 at 14:50, S. Khademi wrote:
> > Dear friend.
> >
> > Recently one of my server attack by a person, he make a direstory in my
> > /dev/ida/ path with .sys/aw name, I see open ports in my machine by nmap
> > command and I see:
> >
> > Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
> > Interesting ports on cisgate.iut.ac.ir (213.29.206.17):
> > (The 1531 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 22/tcp open ssh
> > 25/tcp open smtp
> > 80/tcp open http
> > 111/tcp open sunrpc
> > 443/tcp open https
> > 515/tcp open printer
> > 993/tcp open imaps
> > 995/tcp open pop3s
> > 3128/tcp open squid-http
> > 6000/tcp open X11
> > 32774/tcp open sometimes-rpc11
> >
> > I don't know anything about sometimes-rpc11 port, and I don't know about
> > this, How I can close this port, and what I must do for keep my server
> > from attacking???
> > And I want know how he attack my server.
> > Ps. My OS is linux redhat 7.2
> > By regards khademi
> >
> > --
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> > Soheila Khademi
> > e-mail: khademy@yahoo.com
> > soheila@maniac.sdc.uwo.ca
> > Network Admin khademi@cc.iut.ac.ir
> > Network Services
> > Center For Information Services (CIS) http://www.iut.ac.ir
> > Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45
> > Isfahan, IRAN Fax: 98 311 3915805
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
> >
> >
>
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
--
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Soheila Khademi
e-mail: khademy@yahoo.com
soheila@maniac.sdc.uwo.ca
Network Admin khademi@cc.iut.ac.ir
Network Services
Center For Information Services (CIS) http://www.iut.ac.ir
Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45
Isfahan, IRAN Fax: 98 311 3915805
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
- Previous message: Chuck Peters: "Re: Editing /etc/passwd as a non-root user"
- In reply to: Damon Brinkley: "Re: Closing port"
- Next in thread: Patrick \: "Re: Closing port"
- Next in thread: S. Khademi: "Re: Closing port"
- Next in thread: Toby Bearden: "Re: Closing port"
- Next in thread: BUNTER MATTHEW: "Re: Keyword Sanitization"
- Reply: Patrick \: "Re: Closing port"
- Reply: Damon Brinkley: "Re: Closing port"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
