Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
RE: [suse-security] server-check
  • From: "Raffy" <suse@xxxxxxxx>
  • Date: Sat, 10 Feb 2001 11:14:17 +0100
  • Message-id: <000701c0934a$3a9992e0$a26647d4@xxxxxxxx>
Hey,

> Port State Service
> 22/tcp open ssh
> 25/tcp open smtp
> 37/tcp open time

Are you sure you need this???

> 80/tcp open http
> 111/tcp open sunrpc

And this? It's kind of dangerous to have this running. A lot of exploits are
floating around which are attacking this service.
Unless you _really_ need it. Close it up! Or block it at the firewall at
least!!!

> 119/tcp open nntp

Sure you are using this?

> 444/tcp open snpp
> 515/tcp open printer
> 888/tcp open accessbuilder
> 901/tcp open samba-swat
> 4557/tcp open fax
> 4559/tcp open hylafax
> 6000/tcp open X11

All of the above I'd probably close down as well. I really don't know why
you would those services to be running!!!!

> 12345/tcp open NetBus
> 12346/tcp open NetBus
> 31337/tcp open Elite

Nice. As reported earlier on this list. Unplug your machine from the net.
Very possible you were hacked!!!!

Check what is running behind 12345 with lsof and netstat¨!!!

Thanks

Raffy



< Previous Next >