Mailinglist Archive: opensuse (5130 mails)

RE: [SLE] worrying port scan
  • From: "Marlier, Ian" <ian.marlier@xxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 5 May 2006 16:09:06 -0400
  • Message-id: <D2575519D6CA2840B6D3E26087EA71B6C6A5@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>


> -----Original Message-----
> From: steve [mailto:mail@xxxxxxxxxxxx]
> Sent: Friday, May 05, 2006 12:40 PM
> To: suse-linux-e@xxxxxxxx
> Subject: Re: [SLE] worrying port scan
>
>
> > > Confused! Steve.
> >
> > FTP and Telnet are _not_ running on your box. I would assume that
> > they're running on the router, and are probably filtered to allow only
> > internal addresses and to drop anything from outside. Looks like you've
> > got the standard local-only Postfix install, a web server, MySQL (you
> > did remember to set the root password, right? :-), and RPC services.
> > Totally vanilla, in other words.
>
> It's a 10.0 install right from the box. Is that what vanilla means? Yes,
> there's a root password for mysql too.

Yup, that's what vanilla means -- there isn't anything unusual running
there, anything like that.

> >
> > It's also possible that your ISP has a DROP rule in place for incoming
> > connections to those ports. Many do DROP connections in to certain
> > ports (port 25 and port 80 being the two that are most commonly
> > filtered). If an upstream firewall/ACL is preventing access to those
> > ports and dropping the packets, they would appear in the list designated
> > the same way.
> >
> > If you've got access to an external box that allows you to portscan, you
> > can probably do a telnet out, right?
>
> Yes it lets me.
>
> > Try telnetting to yourself, and see
> > what the greeting line turns up...if it's a standard telnet server,
> > it'll probably identify itself.
>
> I get 'connection refused'. That's from my internal box though.

Just for kicks, from an external box try telnetting to yourself. Just to
be double-safe.

>
> Bottom line, do you think this is safe?
> Cheers and thank you for your excellently clear explanations.
> Steve.

I wouldn't be _too_ concerned, but I would definitely track those
services down -- you don't want to expose them to the outside world,
even if they aren't running on anything important.
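
Added example, not part of the original message: a small Python check that does what the manual telnet test above does, telling "connection refused" (closed) apart from a silently dropped connection (filtered) and printing the greeting line of anything that answers. The function names, the 3-second timeout and the banner text are assumptions made for this illustration.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Return (state, banner) for one TCP port as seen from this machine.

    open     - handshake completed; banner is whatever the service sent first
    closed   - RST received ("connection refused"): reachable, nothing listening
    filtered - no answer or ICMP error: something on the path dropped the SYN
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", ""
    except socket.gaierror:
        raise  # the name did not resolve; that says nothing about the port
    except OSError:  # includes socket.timeout and host/network unreachable
        return "filtered", ""
    with sock:
        try:
            banner = sock.recv(128)  # many services speak first (FTP, SMTP)
        except OSError:              # silent service such as HTTP: no greeting
            banner = b""
    return "open", banner.decode("latin-1").strip()

def start_banner_listener(banner):
    """Constructed stand-in service on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_banner_listener(b"220 example FTP ready\r\n")  # constructed
    print(port, probe("127.0.0.1", port))
    idle = socket.socket()
    idle.bind(("127.0.0.1", 0))  # bound but not listening: connects are refused
    print(idle.getsockname()[1], probe("127.0.0.1", idle.getsockname()[1]))
    idle.close()
```

The answer depends on where the check runs: the same port can be closed from the internal box and filtered or open from an external one, so `probe()` is worth running from both against your own address.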


