From owner-freebsd-questions Thu Jun 29 13:48:15 2000 Delivered-To: freebsd-questions@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id D70A937B952 for ; Thu, 29 Jun 2000 13:48:08 -0700 (PDT) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e5TKm8Q17722; Thu, 29 Jun 2000 13:48:08 -0700 (PDT) Date: Thu, 29 Jun 2000 13:48:08 -0700 From: Alfred Perlstein To: Hank Wethington Cc: BSD Subject: Re: open ports question Message-ID: <20000629134807.V275@fw.wintelcom.net> References: <20000629131811.U275@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from bsd@info-logix.com on Thu, Jun 29, 2000 at 01:40:46PM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Hank Wethington [000629 13:41] wrote: > The inetd.conf file was edited over 3 months ago, the machine has had many > reboots since then. > > Forgive me for being hesitant about listing open ports. I have security for > port scans but direct access to a port. If there is a know exploit it can't > be stopped if I'm not looking on. > > the ones I currently have open are: > > 79 Finger > 111 Portmapper (in rc.conf I have portmap_enable="NO" so why is this coming > up?) > 119 NNTP which is not running as the machine is not acting as a news server > 143 IMAP, again not running that I know of > 540 UUCP > 1024 ??? > > and a few others. I can block all of them with my fire wall rules, but I'm > wondering why they're open in the first place. what does 'ps -ax' show? Are you sure you haven't installed stuff that's running out of /usr/local/etc/rc.d that may be binding to these ports? how are you determining that these ports are in fact open? -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message