From owner-freebsd-questions Wed May 17 3:52:58 2000 Delivered-To: freebsd-questions@freebsd.org Received: from theo.namodn.com (anyhosting.com [209.0.100.50]) by hub.freebsd.org (Postfix) with ESMTP id 006DC37BBEB for ; Wed, 17 May 2000 03:52:55 -0700 (PDT) (envelope-from robert@theo.namodn.com) Received: (from robert@localhost) by theo.namodn.com (8.9.3/8.9.3) id EAA14971 for questions@freebsd.org; Wed, 17 May 2000 04:01:33 -0700 Date: Wed, 17 May 2000 04:01:33 -0700 From: Rob To: questions@freebsd.org Subject: Re: Is port scanning a problem? Message-ID: <20000517040133.A14908@theo.namodn.com> References: <20000516203849.A1491@parish> <20000517141125.A79652@physics.iisc.ernet.in> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/1.0.1i In-Reply-To: <20000517141125.A79652@physics.iisc.ernet.in>; from rsidd@physics.iisc.ernet.in on Wed, May 17, 2000 at 02:11:25PM +0530 Organization: Namodn Artists - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi Rahul, Well, you have fingerd running.. Any particularly good reason? The only real issue there is that people can guess at usernames without triggering any alarms. login has slowdown tricks that make it difficult enough to brute force, but if you know a valid username you are at least half there ( paranoia.. ) Get nmap, it's in the ports under security. There's other stuff you probly don't wanna run except under tight control, like rsh/rexec etc. You most definitely will get port scanned at one time or another if you are using a public IP address that is owned by an ISP ( DSL is worse.. ) There are alot of automated scripts out there that portscan, queso ( try to figure out operating system/version ) and try known exploits on open ports. Might as well not risk it if you are not using all the services you run. I generally run sshd and whatever service(s) the box is to perform ( generally one on servers, but my home machine has to be stretched a bit farther.. :) Which does bring to mind, why does sshd by default only ask for a password when a user account exists? Seems to open up the aforementioned fingerd prob... Rob ( Namodn ) On Wed, May 17, 2000 at 02:11:25PM +0530, Rahul Siddharthan wrote: > > My ISP's support newsgroup has lots of threads about "port scanning". > > Most of the people there are Windozers and since I've never heard any > > mention of it here I assume that it is a Windows vulnerability and not > > an issue if I connect only from FreeBSD. Is this correct? > > > > I checked out Steve Gibson's site (http://wrc.com) which has a test > > program to check the vulnerability of your machine. The only thing > > that showed up in my logs when I ran this was in /var/log/messages: > > > > May 16 20:23:18 parish inetd[96]: /usr/libexec/fingerd[1438]: exit status 0x100 > > Port scanning just means checking by brute force which ports are open > on your machine, afaik. The portscanner you ran probably tried the > fingerd port too -- every time someone fingers someone on your machine > from outside you'll get that message in /var/log/messages. > > Again, afaik, it is an issue only in that the services you run (httpd, > ftpd, sendmail etc) could have security problems which could enable an > attacker to get root access. Many machines have a lot of services > enabled by default which you don't really need. A portscanner will > tell you which ports are open on your machine so that you can close > everything non-essential. You should portscan your machine before > an attacker does. > > If there's more to it than that, maybe someone else will tell you > about it... > > R. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message