Date: Wed, 17 May 2000 21:25:52 +0100
From: Mark Ovens <mark@ukug.uk.freebsd.org>
To: Rob <robert@namodn.com>
Cc: questions@freebsd.org
Subject: Re: Is port scanning a problem?
Message-ID: <20000517212552.I232@parish>
In-Reply-To: <20000517040133.A14908@theo.namodn.com>; from robert@namodn.com on Wed, May 17, 2000 at 04:01:33AM -0700
References: <20000516203849.A1491@parish> <20000517141125.A79652@physics.iisc.ernet.in> <20000517040133.A14908@theo.namodn.com>

On Wed, May 17, 2000 at 04:01:33AM -0700, Rob wrote:
> Hi Rahul,
>
>
> Well, you have fingerd running..
>
> Any particularly good reason?
>

Guess not, it's just FreeBSD "out of the box". Do I stop fingerd
running by commenting out the finger entries in /etc/inetd.conf?
BTW, why does fingerd not show up with ``ps -ax''?

> The only real issue there is that
> people can guess at usernames without
> triggering any alarms.
>
> login has slowdown tricks that make
> it difficult enough to brute force,
> but if you know a valid username you
> are at least half there ( paranoia.. )
>
> Get nmap, it's in the ports under security.
> There's other stuff you probably don't wanna
> run except under tight control, like rsh/rexec
> etc.
>
> You most definitely will get port scanned at
> one time or another if you are using a public
> IP address that is owned by an ISP ( DSL is
> worse.. )
>
> There are a lot of automated scripts out
> there that portscan, queso ( try to
> figure out operating system/version )
> and try known exploits on open ports.
>
> Might as well not risk it if you
> are not using all the services you run.
>
> I generally run sshd and whatever service(s) the box
> is to perform ( generally one on servers, but my home
> machine has to be stretched a bit farther.. :)
>
> Which does bring to mind, why does sshd by default
> only ask for a password when a user account exists?
> Seems to open up the aforementioned fingerd prob...
>
>
> Rob
> ( Namodn )
>
>
> On Wed, May 17, 2000 at 02:11:25PM +0530, Rahul Siddharthan wrote:
> > > My ISP's support newsgroup has lots of threads about "port scanning".
> > > Most of the people there are Windozers and since I've never heard any
> > > mention of it here I assume that it is a Windows vulnerability and not
> > > an issue if I connect only from FreeBSD. Is this correct?
> > >
> > > I checked out Steve Gibson's site (http://wrc.com) which has a test
> > > program to check the vulnerability of your machine. The only thing
> > > that showed up in my logs when I ran this was in /var/log/messages:
> > >
> > > May 16 20:23:18 parish inetd[96]: /usr/libexec/fingerd[1438]: exit status 0x100
> >
> > Port scanning just means checking by brute force which ports are open
> > on your machine, afaik. The portscanner you ran probably tried the
> > fingerd port too -- every time someone fingers someone on your machine
> > from outside you'll get that message in /var/log/messages.
> >
> > Again, afaik, it is an issue only in that the services you run (httpd,
> > ftpd, sendmail etc) could have security problems which could enable an
> > attacker to get root access. Many machines have a lot of services
> > enabled by default which you don't really need. A portscanner will
> > tell you which ports are open on your machine so that you can close
> > everything non-essential. You should portscan your machine before
> > an attacker does.
> >
> > If there's more to it than that, maybe someone else will tell you
> > about it...
> >
> > R.
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
>
>

-- 
...and on the eighth day God created UNIX
________________________________________________________________
FreeBSD - The Power To Serve    http://www.freebsd.org
My Webpage                      http://ukug.uk.freebsd.org/~mark/
mailto:mark@ukug.uk.freebsd.org http://www.radan.com
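
A check for the question this thread turns on (which inetd-started services are still enabled), as an added example that is not part of the original messages: it reads a file in inetd.conf format and reports the active entries for the services the thread names (finger, rsh/rexec). The function names, the RISKY list (including `login`) and the sample file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report which inetd.conf entries are
# still active, and which of them are services the thread warns about.

# Column-1 service names: "shell" is rshd, "exec" is rexecd.
# "login" (rlogind) is included as an assumption; edit the list to taste.
RISKY="finger shell exec login"

# enabled_inetd_services FILE -> "service proto program" per active entry.
# A commented-out entry has a first field starting with '#'.
enabled_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1, $3, $6 }' "$1"
}

# risky_inetd_services FILE -> names of active RISKY services, one per line,
# each reported once even if it is enabled for both tcp and tcp6.
risky_inetd_services() {
    enabled_inetd_services "$1" | awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        ($1 in bad) && !seen[$1]++ { print $1 }'
}

# Constructed sample in inetd.conf format (not copied from a real host).
make_sample_conf() {
    cat <<'EOF'
# constructed sample
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
finger  stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
finger  stream  tcp6    nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
EOF
}

# Demo on the sample; on a real host pass /etc/inetd.conf instead.
sample=$(mktemp)
make_sample_conf > "$sample"
risky_inetd_services "$sample"
rm -f "$sample"
```

inetd starts each server only when a connection arrives, so an enabled service has no process of its own between connections. After an entry is commented out, inetd has to re-read its configuration (SIGHUP) before the change takes effect.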