Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 17 May 2000 04:01:33 -0700
From:      Rob <robert@namodn.com>
To:        questions@freebsd.org
Subject:   Re: Is port scanning a problem?
Message-ID:  <20000517040133.A14908@theo.namodn.com>
In-Reply-To: <20000517141125.A79652@physics.iisc.ernet.in>; from rsidd@physics.iisc.ernet.in on Wed, May 17, 2000 at 02:11:25PM %2B0530
References:  <20000516203849.A1491@parish> <20000517141125.A79652@physics.iisc.ernet.in>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi Rahul,


Well, you have fingerd running.. 

Any particularly good reason? 

The only real issue there is that
people can guess at usernames without
triggering any alarms. 

login has slowdown tricks that make
it difficult enough to brute force,
but if you know a valid username you
are at least half there ( paranoia.. )

Get nmap, it's in the ports under security.
There's other stuff you probly don't wanna
run except under tight control, like rsh/rexec
etc.

You most definitely will get port scanned at
one time or another if you are using a public
IP address that is owned by an ISP ( DSL is
worse.. )

There are alot of automated scripts out
there that portscan, queso ( try to 
figure out operating system/version )
and try known exploits on open ports.

Might as well not risk it if you
are not using all the services you run.

I generally run sshd and whatever service(s) the box
is to perform ( generally one on servers, but my home
machine has to be stretched a bit farther.. :)

Which does bring to mind, why does sshd by default
only ask for a password when a user account exists?
Seems to open up the aforementioned fingerd prob...


   Rob
( Namodn )


On Wed, May 17, 2000 at 02:11:25PM +0530, Rahul Siddharthan wrote:
> > My ISP's support newsgroup has lots of threads about "port scanning".
> > Most of the people there are Windozers and since I've never heard any
> > mention of it here I assume that it is a Windows vulnerability and not
> > an issue if I connect only from FreeBSD. Is this correct?
> > 
> > I checked out Steve Gibson's site (http://wrc.com) which has a test
> > program to check the vulnerability of your machine. The only thing
> > that showed up in my logs when I ran this was in /var/log/messages:
> > 
> > May 16 20:23:18 parish inetd[96]: /usr/libexec/fingerd[1438]: exit status 0x100
> 
> Port scanning just means checking by brute force which ports are open
> on your machine, afaik.  The portscanner you ran probably tried the
> fingerd port too -- every time someone fingers someone on your machine
> from outside you'll get that message in /var/log/messages.
> 
> Again, afaik, it is an issue only in that the services you run (httpd,
> ftpd, sendmail etc) could have security problems which could enable an
> attacker to get root access. Many machines have a lot of services
> enabled by default which you don't really need. A portscanner will
> tell you which ports are open on your machine so that you can close
> everything non-essential.  You should portscan your machine before
> an attacker does.
> 
> If there's more to it than that, maybe someone else will tell you
> about it...
> 
> R.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000517040133.A14908>