From owner-freebsd-security Thu Nov 30 15:03:46 2000
Date: Fri, 1 Dec 2000 12:03:14 +1300 (NZDT)
From: Andrew McNaughton
Reply-To: andrew@scoop.co.nz
To: "Jonathan M. Slivko"
Cc: John Howie, freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject: Re: Danger Ports

Back Orifice et al are only dangerous ports if you are listening to those
ports. Seems unlikely you'd do that under FreeBSD.

You might want to block packets to these ports on other machines of course,
but that has nothing to do with FreeBSD's security.

Andrew McNaughton

On Wed, 29 Nov 2000, Jonathan M. Slivko wrote:

> Date: Wed, 29 Nov 2000 19:08:09 -0700 (MST)
> From: "Jonathan M. Slivko"
> To: John Howie
> Cc: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
> Subject: Re: Danger Ports
>
> I am referring to the Back Orifice, Trinoo server ports, etc. Where can I
> get my hands on a list of those port #'s? or are there any utilities that
> act as those servers and log all attempts in hopes of catching those users
> who will no doubt try and take advantage of an open system?
>
> ----
> Jonathan M. Slivko
> Technical Support, CoreSync Corporation (http://www.coresync.net)
> Team Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> Pager/Voicemail: (917) 388-5304
> ----
>
> On Wed, 29 Nov 2000, John Howie wrote:
>
> > Jonathan,
> >
> > Rather than denying access to certain ports on your system, and allowing
> > access to the rest, you might find it easier to think in the reverse - What
> > ports do I need to leave open to outside (presumably Internet) users?
> >
> > The answer to that question depends on the needs of your outside users. You
> > will probably need to allow SSH access, and I would suggest that you get
> > users to use SCP instead of FTP (unless you have a public FTP site that
> > allows anonymous connections). You might also need to open up access to SMTP
> > and POP3 services for mail (while ensuring that your site can't be used as a
> > mail relay). DNS is another service that you might need to provide access
> > to.
> >
> > If users need access to so-called dangerous services such as X, printer,
> > NFS, NIS, SNMP, etc. then I would look for a VPN solution that brings them
> > into your network through the firewall and allows them to access these
> > services as an internal user.
> >
> > O'Reilly does a good book on Firewall Security, I suggest that you get it
> > and have a read. CERT also has a good document on packet filtering
> > (http://www.cert.org). Also, check the FreeBSD handbook or The Complete
> > FreeBSD for more information about setting up firewalls on FreeBSD systems.
> >
> > Hope this helps,
> >
> > john...
> >
> > ----- Original Message -----
> > From: "Jonathan M. Slivko"
> > To:
> > Cc:
> > Sent: Wednesday, November 29, 2000 5:23 PM
> > Subject: Danger Ports
> >
> > > Can someone tell me what are the "danger" ports on FreeBSD, ports that
> > > perhaps need to be blocked because they are insecure? I would like to know
> > > so in the future, I can prevent outside attacks and concentrate more on
> > > internal attacks, or "insider jobs" as they're called.
> > >
> > > ----
> > > Jonathan M. Slivko
> > > Technical Support, CoreSync Corporation (http://www.coresync.net)
> > > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> > > Pager/Voicemail: (917) 388-5304
> > > ----
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message

--
Andrew McNaughton
Scoop Media Ltd
andrew@scoop.co.nz
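
Both replies in this thread come down to one check: compare what the host is actually listening on with the short list of services meant to be reachable from outside. The script below is an added example, not part of the thread; it reads a listing in the column layout of FreeBSD's `sockstat -4l`, and the allowlist ports, function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report listening sockets that are
# not on an explicit allowlist of proto/port pairs.

# Assumed allowlist, using the usual ports for the services the thread
# names as candidates for outside access: SSH, SMTP, POP3 and DNS.
ALLOWED="tcp/22 tcp/25 tcp/110 tcp/53 udp/53"

# Constructed sample in `sockstat -4l` column layout.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     sendmail   580   4  tcp4   *:25                  *:*
bind     named      455   20 udp4   192.0.2.10:53         *:*
bind     named      455   21 tcp4   192.0.2.10:53         *:*
root     popper     701   0  tcp4   *:110                 *:*
root     inetd      520   5  tcp4   *:21                  *:*
root     lpd        533   6  tcp4   *:515                 *:*
root     snmpd      540   7  udp4   *:161                 *:*
root     sendmail   580   5  tcp4   127.0.0.1:587         *:*
EOF
}

# audit_listeners "<allowlist>" < listing
# Prints one line per listener whose proto/port is not allowlisted.
audit_listeners() {
    allowed=" $1 "
    while read -r user cmd pid fd proto laddr rest; do
        [ "$user" = "USER" ] && continue           # header row
        [ -n "$laddr" ] || continue                # short or blank line
        p=${proto%%[46]*}                          # tcp4 -> tcp, udp46 -> udp
        port=${laddr##*:}                          # text after the last colon
        host=${laddr%:*}
        case $port in ''|*[!0-9]*) continue ;; esac
        [ "$host" = "127.0.0.1" ] && continue      # loopback only, not reachable from outside
        case $allowed in
            *" $p/$port "*) ;;                     # expected service
            *) printf '%s %s pid=%s %s\n' "$p/$port" "$cmd" "$pid" "$laddr" ;;
        esac
    done
    return 0
}

sample_sockstat | audit_listeners "$ALLOWED"
```

On a live FreeBSD host the same function can be fed with `sockstat -4l | audit_listeners "$ALLOWED"`; anything it prints is either a service to shut down or one to add to the allowlist deliberately.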