Running processes...
JJB
Barbish3 at adelphia.net
Sat Feb 14 08:26:45 PST 2004
This port map is only showing you what ports are open to accept
start requests from the public internet. Looks like you are using
IPFW with stateless rules, which just provides a very basic level
of security. Use stateful rules with 'out' and 'via' keywords to
separate your firewall into outbound control, where you allow all
these ports listed below out to the public internet. Then for the
inbound side use stateful rules with 'in' and 'via' keywords,
allowing in only the ports that you have servers running on. That
will close all those listed ports to inbound availability. If you
have a LAN behind your gateway and are using ipfw with the divert rule
legacy sub-routine call to userland natd, then stateful rules do not
work because of a legacy bug in the basic concept design of this
process. Use IPFILTER; its stateful rules work in a NATed environment
and as such provide a much higher level of security than IPFW can
provide in a NATed environment. I have an IPFILTER sample rule set if
you are interested.
-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Eric F Crist
Sent: Saturday, February 14, 2004 7:43 AM
To: FreeBSD questions List
Subject: Running processes...
Hello list,

Which of the processes can I safely block from the internet via
ipfw? Here's an nmap output from one of my servers. I would really
like to tame this down:
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-02-14 06:41 CST
Interesting ports on localhost (127.0.0.1):
(The 1646 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
443/tcp  open  https
587/tcp  open  submission
783/tcp  open  hp-alarm-mgr
3306/tcp open  mysql
6667/tcp open  irc
6668/tcp open  irc
9999/tcp open  abyss

Nmap run completed -- 1 IP address (1 host up) scanned in 9.730 seconds
Port 9999 is an irc port for server connections, for anyone who's
wondering what that's doing there. I mainly need to get rid of 783,
587. What are those anyways? Also, what's the name of that app that
basically makes all ports appear open and logs connection attempts?
Thanks.
--
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
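Added example, not code from either message above and not an excerpt of FreeBSD's rc.firewall: a small sh script that builds the kind of IPFW ruleset JJB describes, with an outbound side (this host may start any session, keep-state lets the replies back in) and an inbound side (only the servers meant to be public accept new sessions on the outside interface, everything else is logged and dropped). The interface name fxp0, the choice of which of Eric's ports are public, and the FWCMD dry-run convention are assumptions for the example. One check worth doing first: the nmap run above was against 127.0.0.1, so it lists everything listening on the box, including daemons that may already be bound to loopback only; sockstat -4l shows which address each one is actually bound to.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD's rc.firewall.
# Builds an IPFW ruleset split into an outbound side (this host may start
# any session) and an inbound side (only public servers accept sessions),
# using stateful in/out/via rules as suggested in the reply above.
# Assumptions: the public interface is fxp0 and the port lists below are
# the services the server is meant to expose. Dry run by default: the
# rules are printed. Load them for real with: FWCMD=/sbin/ipfw sh fw.sh

oif="${OIF:-fxp0}"                                # assumed public interface
public_tcp="${PUBLIC_TCP:-21 22 25 53 80 110 443}" # inbound-reachable TCP servers (assumed)
public_udp="${PUBLIC_UDP:-53}"                     # inbound-reachable UDP servers (assumed)
fwcmd="${FWCMD:-echo ipfw}"                        # 'echo ipfw' prints, /sbin/ipfw applies

build_rules() {
    $fwcmd -q -f flush

    # Loopback traffic is unrestricted; loopback addresses seen on any
    # other interface are spoofed and get dropped.
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 110 deny ip from any to 127.0.0.0/8
    $fwcmd add 120 deny ip from 127.0.0.0/8 to any

    # Packets belonging to a session already recorded by keep-state match
    # here and never reach the per-port rules below.
    $fwcmd add 200 check-state

    # Outbound side: anything this host starts may go out; the dynamic rule
    # created by keep-state lets the replies back in.
    $fwcmd add 300 allow tcp from me to any out via "$oif" setup keep-state
    $fwcmd add 310 allow udp from me to any out via "$oif" keep-state
    $fwcmd add 320 allow icmp from me to any out via "$oif" keep-state

    # Inbound side: only the listed servers may accept new sessions from
    # the public interface. Ports not listed (587, 783, mysql, ircd, ...)
    # stay usable from the host itself but are closed to the outside.
    n=400
    for p in $public_tcp; do
        $fwcmd add $n allow tcp from any to me "$p" in via "$oif" setup keep-state
        n=$((n + 10))
    done
    for p in $public_udp; do
        $fwcmd add $n allow udp from any to me "$p" in via "$oif" keep-state
        n=$((n + 10))
    done

    # Unreachable / fragmentation-needed / time-exceeded must still arrive,
    # or path MTU discovery and traceroute break.
    $fwcmd add 800 allow icmp from any to me in via "$oif" icmptypes 3,4,11

    # Any other attempt to start a session from outside is logged and
    # dropped; the last rule catches whatever is left.
    $fwcmd add 900 deny log tcp from any to any in via "$oif" setup
    $fwcmd add 910 deny log udp from any to any in via "$oif"
    $fwcmd add 65000 deny log ip from any to any
}

# inbound_allowed PORT: true if the generated ruleset lets an outsider start
# a TCP session to PORT. It always inspects the printed form of the rules,
# so it works even when FWCMD points at the real ipfw binary.
inbound_allowed() {
    ( fwcmd="echo ipfw"; build_rules ) | grep -q " allow tcp from any to me $1 in via "
}

build_rules
```

Run it once without FWCMD and read the printed rules; then, from the console rather than over ssh on a first try, load them with FWCMD=/sbin/ipfw and confirm with ipfw -d list that a keep-state entry appears for your own ssh session. The dynamic-rule table is what makes the inbound side safe to lock down: 3306, 6667/6668 and 9999 are never named in an inbound allow, so their listeners stay local.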