Why open? How do I close?

From: Patrick Cairpre (cairpre409_at_yahoo.com)
Date: 09/18/03

    Date: 17 Sep 2003 19:49:53 -0700


    I am running redhat 9 using their standard firewall. I thought that
    only the ports I explicitly opened would be open. In addition to the
    ones that I did open an online security scan has found the following
    ports open.

    TCP
    111
    113
    139
    143
    443
    688
    696
    709
    879
    901
    935

    I don't understand why these ports are open. How do I lock them down?

    I explicitly left port 153 open to udp so that my dns would update my
    secondary.
    But the scan shows no ports open for udp.

    ****************
    This is my iptables file:

    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    # firewall; such entries will *not* be listed here.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 119 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
    COMMIT
    ************

    I know this is a fairly primitive firewall that has other problems,
    but why is it not doing what it is supposed to?
    I think there are some basics I am misunderstanding.
    Can someone point me in the right direction?

    Thanks
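A way to check what the posted chain actually does, as an added example that is not part of the original post: it parses the RH-Lokkit-0-50-INPUT lines, walks them in order the way the kernel would for a given protocol, port and interface, and flags the two udp rules that carry `--syn`, which is an option of the tcp match. Assumptions: the scanned traffic arrives on eth0, and only the -p, -i, --dport, --syn and -j matches matter for this chain (the -m lines simply repeat -p).

```python
import shlex
# The RH-Lokkit-0-50-INPUT chain from the post, copied as written except that
# the REJECT lines for 2049 and 7100 are left out to keep this short.
RULESET = """
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 119 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
""".strip().splitlines()

def parse_rule(line):
    """Reduce one -A line to the matches this chain uses (-m is implied by -p)."""
    t = shlex.split(line)
    r = {"proto": None, "iface": None, "dport": None, "syn": False, "target": None}
    for i, tok in enumerate(t):
        if tok == "-p": r["proto"] = t[i + 1]
        elif tok == "-i": r["iface"] = t[i + 1]
        elif tok == "-j": r["target"] = t[i + 1]
        elif tok == "--syn": r["syn"] = True
        elif tok == "--dport":
            lo, _, hi = t[i + 1].partition(":")
            r["dport"] = (int(lo), int(hi or lo))
    return r

def invalid_rules(rules):
    """--syn belongs to the tcp match; iptables-restore refuses it on a udp
    rule and then never commits the table, leaving only the ACCEPT policies."""
    return [r for r in rules if r["syn"] and r["proto"] != "tcp"]

def verdict(rules, proto, port, iface="eth0"):
    """First matching rule wins; no match returns to INPUT, whose policy is ACCEPT."""
    for r in rules:
        if r["iface"] and r["iface"] != iface: continue
        if r["proto"] and r["proto"] != proto: continue
        if r["dport"] and not r["dport"][0] <= port <= r["dport"][1]: continue
        return r["target"]
    return "ACCEPT (policy)"

def audit(ports=(111, 143, 443, 935, 8080), proto="tcp"):
    rules = [parse_rule(l) for l in RULESET]
    return {"invalid": len(invalid_rules(rules)),
            "verdicts": {p: verdict(rules, proto, p) for p in ports}}
```

Every port in the scan result is below 1024, so the chain as written would REJECT all of them; if iptables-restore instead refuses the udp `--syn` lines, the filter table is never committed and anything with a listening service is reachable under the ACCEPT policy. `iptables -L -n` on the box shows which of the two is the case.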
