Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 14 Feb 2004 11:26:43 -0500
From:      "JJB" <Barbish3@adelphia.net>
To:        <ecrist@adtechintegrated.com>, "FreeBSD questions List" <freebsd-questions@freebsd.org>
Subject:   RE: Running processes...
Message-ID:  <MIEPLLIBMLEEABPDBIEGIEBFFLAA.Barbish3@adelphia.net>
In-Reply-To: <200402140643.12904.ecrist@adtechintegrated.com>

next in thread | previous in thread | raw e-mail | index | archive | help
This port map is only showing you what ports are open to accept
start requests from the public internet. Looks like you are using
IPFW with stateless rules which just provides an  very basic level
of security. Use stateful rules with 'out' and 'via' keywords to
separate your firewall into out bound control where you allow all
these ports listed below out to the public internet. Then for the
inbound side use stateful rules with 'in' and 'via' keywords
allowing in only the ports that you have servers running on. That
will close all those listed ports to inbound availability. If you
have LAN behind your gateway and using ipfw with divert rule legacy
sub-routine call to userland Natd then stateful rules do not work
because of legacy bug in basic concept design of this process.  Use
IPFILTER, it's stateful rules work in Nated environment and as such
provides an much highter level of security than IPFW can provide in
an Nated environment.  I have IPFILTER sample rule set if you are
interested.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Eric F
Crist
Sent: Saturday, February 14, 2004 7:43 AM
To: FreeBSD questions List
Subject: Running processes...

Hello list,

Which of the processes can I safely block  from the internet via
ipfw?  Here's
an nmap output from one of my servers.  I would really like to tame
this
down:

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-02-14
06:41 CST
Interesting ports on localhost (127.0.0.1):
(The 1646 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
443/tcp  open  https
587/tcp  open  submission
783/tcp  open  hp-alarm-mgr
3306/tcp open  mysql
6667/tcp open  irc
6668/tcp open  irc
9999/tcp open  abyss

Nmap run completed -- 1 IP address (1 host up) scanned in 9.730
seconds

Port 9999 is an irc port for server connections, for anyone who's
wondering
what that's doing there.  I mainly need to get rid of 783, 587.
What are
those anyways?  Also, what's the name of that app that basically
makes all
ports appear open and logs connection attempts?  Thanks.
--
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGIEBFFLAA.Barbish3>