From owner-freebsd-questions@FreeBSD.ORG Sat Feb 14 04:43:17 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D761316A4CE for ; Sat, 14 Feb 2004 04:43:17 -0800 (PST) Received: from radicalv.com (secure.radicalv.com [216.118.91.10]) by mx1.FreeBSD.org (Postfix) with SMTP id 6954243D31 for ; Sat, 14 Feb 2004 04:43:17 -0800 (PST) (envelope-from ecrist@adtechintegrated.com) Received: (qmail 73198 invoked from network); 14 Feb 2004 12:43:13 -0000 Received: from unknown (HELO localhost.invalid) (63.228.14.245) by mail.radicalv.com with SMTP; 14 Feb 2004 12:43:13 -0000 From: Eric F Crist Organization: AdTech Integrated Systems, Inc To: FreeBSD questions List Date: Sat, 14 Feb 2004 06:42:55 -0600 User-Agent: KMail/1.6 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_gfhLAE4R9Ht/ymN"; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200402140643.12904.ecrist@adtechintegrated.com> Subject: Running processes... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ecrist@adtechintegrated.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Feb 2004 12:43:17 -0000 --Boundary-02=_gfhLAE4R9Ht/ymN Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hello list, Which of the processes can I safely block from the internet via ipfw? Her= e's=20 an nmap output from one of my servers. I would really like to tame this=20 down: Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-02-14 06:41 CST Interesting ports on localhost (127.0.0.1): (The 1646 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop3 443/tcp open https 587/tcp open submission 783/tcp open hp-alarm-mgr 3306/tcp open mysql 6667/tcp open irc 6668/tcp open irc 9999/tcp open abyss Nmap run completed -- 1 IP address (1 host up) scanned in 9.730 seconds Port 9999 is an irc port for server connections, for anyone who's wondering= =20 what that's doing there. I mainly need to get rid of 783, 587. What are=20 those anyways? Also, what's the name of that app that basically makes all= =20 ports appear open and logs connection attempts? Thanks. =2D-=20 Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 --Boundary-02=_gfhLAE4R9Ht/ymN Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBALhfgzdyDbTMRQIYRAt2hAKCRloWIummBZg+iPZwbc754RfYcWgCfRwoh 9Eyi0nTqLM7R8GMITHMFHvA= =f2Ui -----END PGP SIGNATURE----- --Boundary-02=_gfhLAE4R9Ht/ymN--