From owner-freebsd-security Thu Nov 30 3:35:13 2000
Date: Thu, 30 Nov 2000 06:39:51 -0500 (EST)
From: Ralph Huntington
To: "Jonathan M. Slivko"
Cc: John Howie, freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Danger Ports

Check out "fakebo" and "portsentry" in /usr/ports/security/

On Wed, 29 Nov 2000, Jonathan M. Slivko wrote:

> I am referring to the Back Orifice, Trinoo server ports, etc. Where can I
> get my hands on a list of those port #'s? or are there any utilities that
> act as those servers and log all attempts in hopes of catching those users
> who will no doubt try and take advantage of an open system?
>
> ----
> Jonathan M. Slivko
> Technical Support, CoreSync Corporation (http://www.coresync.net)
> Team Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> Pager/Voicemail: (917) 388-5304
> ----
>
> On Wed, 29 Nov 2000, John Howie wrote:
>
> > Jonathan,
> >
> > Rather than denying access to certain ports on your system, and allowing
> > access to the rest, you might find it easier to think in the reverse - What
> > ports do I need to leave open to outside (presumably Internet) users?
> >
> > The answer to that question depends on the needs of your outside users. You
> > will probably need to allow SSH access, and I would suggest that you get
> > users to use SCP instead of FTP (unless you have a public FTP site that
> > allows anonymous connections). You might also need to open up access to SMTP
> > and POP3 services for mail (while ensuring that your site can't be used as a
> > mail relay). DNS is another service that you might need to provide access
> > to.
> >
> > If users need access to so-called dangerous services such as X, printer,
> > NFS, NIS, SNMP, etc. then I would look for a VPN solution that brings them
> > into your network through the firewall and allows them to access these
> > services as an internal user.
> >
> > O'Reilly does a good book on Firewall Security, I suggest that you get it
> > and have a read. CERT also has a good document on packet filtering
> > (http://www.cert.org). Also, check the FreeBSD handbook or The Complete
> > FreeBSD for more information about setting up firewalls on FreeBSD systems.
> >
> > Hope this helps,
> >
> > john...
> >
> > ----- Original Message -----
> > From: "Jonathan M. Slivko"
> > To:
> > Cc:
> > Sent: Wednesday, November 29, 2000 5:23 PM
> > Subject: Danger Ports
> >
> > > Can someone tell me what are the "danger" ports on FreeBSD, ports that
> > > perhaps need to be blocked because they are insecure? I would like to know
> > > so in the future, I can prevent outside attacks and concentrate more on
> > > internal attacks, or "insider jobs" as they're called.
> > >
> > > ----
> > > Jonathan M. Slivko
> > > Technical Support, CoreSync Corporation (http://www.coresync.net)
> > > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> > > Pager/Voicemail: (917) 388-5304
> > > ----
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
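
Added example, not part of the thread: John Howie's quoted advice to start from what must stay open, written as a generator for a default-deny ipfw ruleset. The choice of ipfw, the helper name emit_ruleset and the port numbers (22, 25, 110, 53 for SSH, SMTP, POP3, DNS) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny inbound policy for ipfw.
# Rules are printed, not applied; review them, then pipe to sh as root.

# Assumed allowlist: standard ports for the services named in the thread.
SERVICES="tcp/22 tcp/25 tcp/110 udp/53 tcp/53"
NL='
'

emit_ruleset() {
    # $1: space-separated proto/port entries to expose to outside users.
    # Nothing is printed unless every entry validates, so a typo can
    # never yield a half-built ruleset.
    rules="" n=1000
    for svc in $1; do
        proto=${svc%%/*} port=${svc##*/}
        case "$proto" in
            tcp) match="in setup keep-state" ;;  # setup = opening SYN only
            udp) match="in keep-state" ;;
            *) echo "bad protocol in '$svc'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$svc'" >&2; return 1
        fi
        rules="${rules}ipfw -q add $n allow $proto from any to me $port $match$NL"
        n=$((n + 10))
    done
    echo "ipfw -q -f flush"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    # Replies to connections this host opened match dynamic state.
    echo "ipfw -q add 200 check-state"
    echo "ipfw -q add 300 allow ip from me to any out keep-state"
    printf '%s' "$rules"
    # Anything not listed (X, printer, NFS, NIS, SNMP, ...) is dropped and logged.
    echo "ipfw -q add 65000 deny log ip from any to any"
}

emit_ruleset "$SERVICES"
```

The script only prints the commands. Apply them from the console rather than over SSH, because the flush can interrupt an existing session.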