From owner-freebsd-questions Wed May 17 1:48:21 2000 Delivered-To: freebsd-questions@freebsd.org Received: from theory1.physics.iisc.ernet.in (theory1.physics.iisc.ernet.in [144.16.71.20]) by hub.freebsd.org (Postfix) with SMTP id 8A01537BAFE for ; Wed, 17 May 2000 01:48:09 -0700 (PDT) (envelope-from rsidd@physics.iisc.ernet.in) Received: (qmail 79835 invoked by uid 211); 17 May 2000 08:41:25 -0000 Date: Wed, 17 May 2000 14:11:25 +0530 From: Rahul Siddharthan To: Mark Ovens Cc: questions@FreeBSD.ORG Subject: Re: Is port scanning a problem? Message-ID: <20000517141125.A79652@physics.iisc.ernet.in> References: <20000516203849.A1491@parish> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20000516203849.A1491@parish>; from mark@dogma.freebsd-uk.eu.org on Tue, May 16, 2000 at 08:38:49PM +0100 X-Operating-System: FreeBSD 3.4-STABLE i386 X-Question: Do you enjoy reading pointless headers? Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > My ISP's support newsgroup has lots of threads about "port scanning". > Most of the people there are Windozers and since I've never heard any > mention of it here I assume that it is a Windows vulnerability and not > an issue if I connect only from FreeBSD. Is this correct? > > I checked out Steve Gibson's site (http://wrc.com) which has a test > program to check the vulnerability of your machine. The only thing > that showed up in my logs when I ran this was in /var/log/messages: > > May 16 20:23:18 parish inetd[96]: /usr/libexec/fingerd[1438]: exit status 0x100 Port scanning just means checking by brute force which ports are open on your machine, afaik. The portscanner you ran probably tried the fingerd port too -- every time someone fingers someone on your machine from outside you'll get that message in /var/log/messages. Again, afaik, it is an issue only in that the services you run (httpd, ftpd, sendmail etc) could have security problems which could enable an attacker to get root access. Many machines have a lot of services enabled by default which you don't really need. A portscanner will tell you which ports are open on your machine so that you can close everything non-essential. You should portscan your machine before an attacker does. If there's more to it than that, maybe someone else will tell you about it... R. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message