Hi, On Sat, 02 Dec 2000, you wrote:
"I'm in the process of hardening my system -
Good luck. You still have a way to go ... ;-)
thanks to this list I've already found several screws to tighten ... but nmap shows me an unusual service that's running that looks highly suspicious to me. What is "blackjack" on port 1025/udp? Also suspicious is the unknown service on port 1024/udp?"
Try (as root) "lsof -i" or "netstat -ap" to find processes allocating tcp/udp ports. My guess is that it is either a dynamically allocated rpc service, or some server process unable to bind to a privileged port and thus using the first unprivileged (1025) port. On AIX systems smux/network blackjack services are often started by default. They should not be on a Linux system, though. There are several trojan horses known to also bind to port 1025, namely NetSpy, Maverick's Matrix, and RemoteStorm. If you really want to tighten your system, consider the majority of the remaining open ports as _huge_ security risks. Most of them are either unnecessary (telnet can easily be replaced with ssh, and what's the point in running both SMTP and POP servers?) Add to that name service, web, portmap, samba, snmp and you easily turn your machine into a cracker's paradise ... ;-) At least services like these should be decentralized and moved to dedicated machines. One single exploited security hole will compromise all your services.
This is what nmap returns:
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Host localhost (127.0.0.1) appears to be up ... good.
Initiating SYN half-open stealth scan against localhost (127.0.0.1)
Adding TCP port 25 (state open).
Adding TCP port 119 (state open).
Adding TCP port 80 (state open).
Adding TCP port 110 (state open).
Adding TCP port 23 (state open).
Adding TCP port 53 (state open).
Adding TCP port 111 (state open).
Adding TCP port 113 (state open).
Adding TCP port 8080 (state open).
Adding TCP port 139 (state open).
... snip ...
Regards,
Martin
--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
E-Mail (work): lewelin@uni-muenster.de
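Added example, not part of the original message: a sketch of the lookup that "lsof -i" and "netstat -ap" perform on Linux, matching the socket inodes listed in /proc/net/udp against the file descriptors under /proc/<pid>/fd to name the process behind ports 1024/udp and 1025/udp. The SAMPLE table and the function names are constructed for illustration; the address decoding assumes a little-endian host such as x86.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/udp layout (not taken from the original post).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0400 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4101
   1: 00000000:0401 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4102
   2: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4200
"""

def parse_proc_net(text):
    """Return [(ip, port, uid, inode)] for every socket row in a /proc/net/udp table."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        addr_hex, port_hex = f[1].split(":")
        # Assumption: little-endian host, so the address word is byte-swapped.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        rows.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return rows

def inode_owners(proc="/proc"):
    """Map socket inode -> [(pid, command)]; run as root to see every process."""
    owners = {}
    pids = [p for p in os.listdir(proc) if p.isdigit()]
    for pid in pids:
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners.setdefault(int(target[8:-1]), []).append((int(pid), comm))
        except OSError:                          # process exited or access denied
            continue
    return owners

def report(text, owners, ports):
    """List (ip, port, owning processes) for the ports under suspicion."""
    return [(ip, port, owners.get(ino, [])) for ip, port, _uid, ino in parse_proc_net(text) if port in ports]

if __name__ == "__main__":
    with open("/proc/net/udp") as fh:
        for row in report(fh.read(), inode_owners(), {1024, 1025}):
            print(row)
```

A bound port that comes back with an empty owner list while running as root has no userspace process holding the socket, which usually points at a kernel-side service.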