Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] Open Ports on Webserver - Why
  • From: "Philippe Vogel" <filiaap@xxxxxxxxxx>
  • Date: Mon, 5 Aug 2002 00:10:39 +0200
  • Message-id: <000701c23c03$c4ca0ea0$52ef5b86@xxxxxxxxxxxxxxxxxx>
> I tested my SUSE 7.2 Webserver with two Portscanners and both gave me
> the same result:
>
> 389 Lightweight Directory Access Protocol
> 1720 h323hostcall

Sometimes these port scanners do not show what's going on.
I have Norton AV installed, which opens a local port for POP3 and SMTP
for mail scanning as loopback.
I see these ports open on all machines, which is fake!
The scanner interprets these locally loopbacked open ports as open ports
on the system.
I would test GFI's Languard for basic security testing (beta 3 shows
out-of-date daemons and much more).
Configure your machine so that no open port's banner shows the version
of the daemon, so it is harder to find out where the bugs are in your
system.

Please check your local machine, from which you scanned, for loopbacked
ports (all TCP will be forwarded through these ports and is interpreted
as shown above).
Check again from another PC to see whether the same ports are open.

Philippe
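
An added example, not part of the original message: one way to cross-check a scan report on the server itself is to read the kernel's table of listening IPv4 sockets and compare it with the reported ports. The sample `/proc/net/tcp` contents, the function names and the verdict strings are constructed for illustration; only ports 389 and 1720 come from the quoted scan.

```python
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample of /proc/net/tcp as read on the scanned server (not from the post).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    30        0 1003
"""

def parse_listeners(proc_net_tcp):
    """Return {port: set of bind addresses} for sockets in LISTEN state."""
    listeners = {}
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Assumption: little-endian host (x86), so the hex word is byte-swapped.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        listeners.setdefault(int(hex_port, 16), set()).add(addr)
    return listeners

def classify(reported_ports, proc_net_tcp):
    """Compare ports a scanner reported against what the server really listens on."""
    listeners = parse_listeners(proc_net_tcp)
    verdicts = {}
    for port in reported_ports:
        addrs = listeners.get(port, set())
        if not addrs:
            verdicts[port] = "no listener on server: suspect the scanning host"
        elif all(a.startswith("127.") for a in addrs):
            verdicts[port] = "loopback only: not reachable from the network"
        else:
            verdicts[port] = "listening on a network address"
    return verdicts

if __name__ == "__main__":
    # 389 and 1720 are the ports from the quoted scan; 25 and 80 are added for contrast.
    report = classify([25, 80, 389, 1720], SAMPLE_PROC_NET_TCP)
    for port, verdict in sorted(report.items()):
        print(port, verdict)
```

On a real server, pass the contents of `/proc/net/tcp` instead of the sample; IPv6 listeners are listed separately in `/proc/net/tcp6` and are not covered here.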


