Date: Wed, 20 Mar 2002 03:56:37 +1200 (NZST)
From: Andrew McNaughton
To: Julian Stacey
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ports 1021 1022 1023 & 587 ?

On Tue, 19 Mar 2002, Julian Stacey wrote:

> On a 4.5-RELEASE firewall ports 1021 1022 1023 are shown open by
> /usr/ports/security/portscanner, but not listed in /etc/services.
>
> Are they daemons doing auto decrement allocation from 1024 ?
> ( I'm using ipfw firewall, not using diverts (yet), not using X server,
> am using various other daemons inc. nfs amd lpd timed whod etc)
>
> Should I block some 1023 port range with ipfw on non {localhost & local
> ethernet} interfaces ? What range ?

If you are not sure what is running on the port, then why on earth is the
port allowed through the firewall at present?

Block everything coming in by default, and then open up only the ports you
need.

Andrew
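
A default-deny inbound ipfw policy of the kind the reply recommends, as an added example that is not part of the original message or of any poster's configuration. The interface names (fxp0, fxp1), the rule numbers and the list of exposed ports are assumptions; loopback and the local ethernet interface are trusted, matching the split the question describes.

```shell
#!/bin/sh
# Added example: default-deny inbound policy for ipfw.
# Assumed (not from the thread): interface names, rule numbers, port list.
OUTSIDE_IF="${OUTSIDE_IF:-fxp0}"    # hypothetical external interface
INSIDE_IF="${INSIDE_IF:-fxp1}"      # hypothetical local ethernet interface
ALLOW_TCP_IN="${ALLOW_TCP_IN:-22}"  # space-separated TCP ports to expose

# Print the ruleset, one rule per line, without the leading "ipfw".
build_rules() {
    # Loopback and the local ethernet are trusted.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 allow ip from any to any via ${INSIDE_IF}"
    # Replies to connections opened from here match dynamic state.
    echo "add 300 check-state"
    echo "add 400 allow tcp from any to any out via ${OUTSIDE_IF} setup keep-state"
    echo "add 410 allow udp from any to any out via ${OUTSIDE_IF} keep-state"
    # Only the explicitly listed services are reachable from outside.
    n=500
    for port in ${ALLOW_TCP_IN}; do
        echo "add ${n} allow tcp from any to me ${port} in via ${OUTSIDE_IF} setup keep-state"
        n=$((n + 10))
    done
    # Everything else, ports 1021-1023 and 587 included, is dropped and logged.
    echo "add 65000 deny log ip from any to any"
}

# Return 0 if the ruleset exposes the given TCP port on the outside interface.
port_is_open() {
    build_rules | grep -q " to me $1 in via ${OUTSIDE_IF} "
}

if [ "${1:-}" = "apply" ]; then
    # Load the rules into the kernel (run as root, ideally from the console).
    ipfw -q -f flush
    build_rules | while read -r rule; do
        ipfw -q ${rule}
    done
else
    build_rules   # dry run: print the rules for review
fi
```

Run without arguments it only prints the rules; with the argument apply it flushes the current ruleset and installs this one.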