From owner-freebsd-security Tue Feb 11 10:47:12 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D013A37B401 for ; Tue, 11 Feb 2003 10:47:07 -0800 (PST) Received: from darkpossum.medill.northwestern.edu (darkpossum.medill.northwestern.edu [129.105.51.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id E997843F93 for ; Tue, 11 Feb 2003 10:47:06 -0800 (PST) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: from darkpossum.medill.northwestern.edu (de1e7068681359bf3c5e671c94e7d365@localhost.medill.northwestern.edu [127.0.0.1]) by darkpossum.medill.northwestern.edu (8.12.6/8.12.6) with ESMTP id h1BIbw74003333 for ; Tue, 11 Feb 2003 12:37:58 -0600 (CST) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: (from possum@localhost) by darkpossum.medill.northwestern.edu (8.12.6/8.12.6/Submit) id h1BIbw9B003332 for freebsd-security@FreeBSD.ORG; Tue, 11 Feb 2003 12:37:58 -0600 (CST) Date: Tue, 11 Feb 2003 12:37:58 -0600 From: Redmond Militante To: freebsd-security@FreeBSD.ORG Subject: Re: n00b ipf/ipnat questions Message-ID: <20030211183758.GA791@darkpossum> Reply-To: Redmond Militante References: <20030211002256.GA824@darkpossum> <20030211090154.R30313-100000@cactus.fi.uba.ar> <20030211141831.GB824@darkpossum> <20030211090331.2e16f1c0.nospam@hiltonbsd.com> <20030211155840.GA2733@darkpossum> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="oyUTqETQ0mS9luUI" Content-Disposition: inline In-Reply-To: <20030211155840.GA2733@darkpossum> User-Agent: Mutt/1.4i X-Sender: redmond@darkpossum.medill.northwestern.edu X-URL: http://darkpossum.medill.northwestern.edu/modules.php?name=Content&pa=showpage&pid=1 X-DSS-PGP-Fingerprint: F9E7 AFEA 0209 B164 7F83 E727 5213 FAFA 1511 7836 X-Favorite-Food: Pizza Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --oyUTqETQ0mS9luUI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable hi any comments? :) i'm thinking that it's probably a good thing the box behind the gateway is = only listening on a select number of ports, but i don't understand why the = gateway itself seems to be listening on a large number of ports. is this normal? =20 thanks redmond > hi >=20 > ok. > netstat -na | grep LISTEN on the box i'm nmapping from > ------- > tcp4 0 0 *.10000 *.* LISTEN > tcp4 0 0 *.3306 *.* LISTEN > tcp4 0 0 *.21 *.* LISTEN > tcp4 0 0 *.80 *.* LISTEN > tcp4 0 0 *.587 *.* LISTEN > tcp4 0 0 *.25 *.* LISTEN > tcp4 0 0 *.22 *.* LISTEN > tcp46 0 0 *.22 *.* LISTEN >=20 >=20 > netstat -na | grep LISTEN on the gateway box > ------- > tcp4 0 0 *.587 *.* LISTEN > tcp4 0 0 *.25 *.* LISTEN > tcp4 0 0 *.22 *.* LISTEN > tcp46 0 0 *.22 *.* LISTEN > tcp4 0 0 *.54320 *.* LISTEN > tcp4 0 0 *.49724 *.* LISTEN > tcp4 0 0 *.40421 *.* LISTEN > tcp4 0 0 *.32774 *.* LISTEN > tcp4 0 0 *.32773 *.* LISTEN > tcp4 0 0 *.32772 *.* LISTEN > tcp4 0 0 *.32771 *.* LISTEN > tcp4 0 0 *.31337 *.* LISTEN > tcp4 0 0 *.27665 *.* LISTEN > tcp4 0 0 *.20034 *.* LISTEN > tcp4 0 0 *.12346 *.* LISTEN > tcp4 0 0 *.12345 *.* LISTEN > tcp4 0 0 *.6667 *.* LISTEN > tcp4 0 0 *.5742 *.* LISTEN > tcp4 0 0 *.2000 *.* LISTEN > tcp4 0 0 *.1524 *.* LISTEN > tcp4 0 0 *.1080 *.* LISTEN > tcp4 0 0 *.635 *.* LISTEN > tcp4 0 0 *.540 *.* LISTEN > tcp4 0 0 *.143 *.* LISTEN > tcp4 0 0 *.119 *.* LISTEN > tcp4 0 0 *.111 *.* LISTEN > tcp4 0 0 *.79 *.* LISTEN > tcp4 0 0 *.15 *.* LISTEN > tcp4 0 0 *.11 *.* LISTEN > tcp4 0 0 *.1 *.* LISTEN >=20 > netstat -na | grep LISTEN on the webserver behind gateway > ------- > tcp4 0 0 *.21 *.* LISTEN > tcp4 0 0 *.80 *.* LISTEN > tcp4 0 0 *.587 *.* LISTEN > tcp4 0 0 *.25 *.* LISTEN > tcp4 0 0 *.22 *.* LISTEN > tcp46 0 0 *.22 *.* LISTEN >=20 >=20 > thanks >=20 > redmond --oyUTqETQ0mS9luUI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+SUMFFNjun16SvHYRAuUHAJ9eQ/qnrdt90MtQAqAefAzBbavEGACgwdkk uPsUnw53VAXyqmXoQ+bzqno= =Ezb0 -----END PGP SIGNATURE----- --oyUTqETQ0mS9luUI-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message