Re: open ports question (nmap scan)
From: John Thompson (john_at_vector.os2.dhs.org)
Date: Mon, 18 Jul 2005 03:05:08 GMT
On 2005-07-17, Proteus <firstname.lastname@example.org> wrote:
> I am a newbie at linux security, could use some mentoring on a basic
> question-- what do some of the open ports (services) below (from running
> nmap) belong to (i.e are they valid or should they be closed somehow and if
> so HOW?). I understand ssh and ipp, but I have no idea what sunrpc,
> hp-alarm-mgr, unknown (self explanatory I guess, but should it be kept
> open?), and snet-sensor-mgmt are. This is a home office PC with a LAN and
> Linksys router. Running Mandrake Linux 9.2 I do use SSH so I want that
If you don't know what the port is open for, you may as well shut it down.
If that breaks something, re-enable it and check the program that broke
to make sure you've secured it properly.
> Related to this, if a port like 22 must be open for SSH, wouldn't a cracker
> know to use that port, what would stop a cracker from getting in through
> that or any other open port?
There are a number of ways to secure open ports without disabling the
services behind them. First, make sure you stay up to date on those
services by tracking the security lists. Maintain a secure password
policy -- no dictionary words, enforce password expiration, etc. Some
programs, e.g. sshd, can be configured to only accept connections for
certain users, or to use keys instead of passwords. This severely restricts
what a cracker can do. Use tcp-wrappers and xinetd where possible to
restrict ip addresses from which connections can be made. Use iptables to
configure your firewall.
-- John (email@example.com)
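As an added illustration of the sshd points John makes (restrict which users may log in, prefer keys over passwords), and not code from anyone in this thread: the script below audits an `sshd_config` file for those settings and reports what is still permissive. The two sample configs it writes (`weak.conf`, `hardened.conf`), the user name `homeuser` and the defaults it assumes for missing keywords (`PasswordAuthentication yes`, `PermitRootLogin yes`, as on 2005-era OpenSSH) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an sshd_config for the
# hardening points discussed above. Sample configs and user name are constructed.

# Print the effective value of an sshd_config keyword. sshd honours the first
# occurrence and matches keywords case-insensitively; comments are skipped.
# Prints nothing when the keyword is not set.
sshd_opt() {
    # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key {
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }' "$1"
}

# Audit one file: print a line per weak setting, return the number found
# (0 means every checked setting is hardened).
audit_sshd_config() {
    cfg="$1"
    findings=0

    # Absent PasswordAuthentication means "yes" (assumed default).
    pw="$(sshd_opt "$cfg" PasswordAuthentication)"
    if [ "${pw:-yes}" != "no" ]; then
        echo "WEAK: PasswordAuthentication is '${pw:-yes}' (set 'no' and use keys)"
        findings=$((findings + 1))
    fi

    # Without AllowUsers/AllowGroups any account with a shell may log in.
    if [ -z "$(sshd_opt "$cfg" AllowUsers)" ] && [ -z "$(sshd_opt "$cfg" AllowGroups)" ]; then
        echo "WEAK: no AllowUsers/AllowGroups restriction"
        findings=$((findings + 1))
    fi

    # Absent PermitRootLogin means "yes" on older OpenSSH (assumed default).
    root="$(sshd_opt "$cfg" PermitRootLogin)"
    if [ "${root:-yes}" != "no" ]; then
        echo "WEAK: PermitRootLogin is '${root:-yes}'"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample configs so the audit can be run offline.
write_sample_configs() {
    dir="$1"
    cat > "$dir/weak.conf" <<'EOF'
# distribution defaults left in place, everything commented out
Port 22
Protocol 2
#PasswordAuthentication yes
#PermitRootLogin yes
EOF
    cat > "$dir/hardened.conf" <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers homeuser
EOF
}

# Demo: audit both samples and say which one passes.
demo() {
    dir=$(mktemp -d)
    write_sample_configs "$dir"
    for f in weak hardened; do
        echo "== $f.conf =="
        if audit_sshd_config "$dir/$f.conf"; then
            echo "OK: no weak settings found"
        fi
    done
    rm -rf "$dir"
}

demo
```

Run it against the real file with `audit_sshd_config /etc/ssh/sshd_config` after sourcing the script; a non-zero return is the count of weak settings. The source-address restriction John mentions is the complementary half: tcp-wrappers (`sshd: 192.168.1.` in `/etc/hosts.allow` with `ALL: ALL` in `/etc/hosts.deny`) or an iptables rule that accepts port 22 only from the LAN range, so a guessed password from outside never reaches sshd at all.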