
6000 - X11 TCP port for remote connections. Low to moderate risk, but again, this should be LAN only.
Actually, this can include ports 6000-6009 since X can support multiple displays and each display would
have its own port. ssh's X11Forwarding will start using ports at 6010.
6346 - gnutella.
6667 - ircd, Internet Relay Chat Daemon.
6699 - napster.
7100-7101 - Some font servers use these ports. Low risk, but LAN only.
8000 and 8080 - common web cache and proxy server ports. LAN only.
10000 - webmin, a web based system administration utility. Low risk at this point.
27374 - SubSeven, a commonly probed for Windows only Trojan. Also, 1243.
31337 - Back Orifice, another commonly probed for Windows only Trojan.
More services and corresponding port numbers can be found in /etc/services. Also, the "official" list is
http://www.iana.org/assignments/port-numbers.
A great analysis of what probes to these and other ports might mean from Robert Graham:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html. A very good reference.
Another point here, these are the standard port designations. There is no law that says any service has to run
on a specific port. Usually they do, but certainly they don't always have to.
Just a reminder that when you see these types of ports in your firewall logs, it is not anything to go off the
deep end about. Not if you have followed Steps 1-3 above, and verified your firewall works. You are fairly
safe. Much of this traffic may be "stray bullets" too -- Internet background noise, misconfigured clients or
routers, noisy Windows stuff, etc.
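As an added example (not part of the original HOWTO), the script below tallies dropped probes in firewall log lines by destination port and labels each with its standard designation from the list above. It assumes the key=value format written by the iptables LOG target; the "DROP" prefix, the sample lines and their addresses are constructed.

```python
import re
from collections import Counter

# Standard designations from the port list above (this section's entries only).
# A label is a hint, not proof: any service can run on any port.
KNOWN_PORTS = {
    1243: "SubSeven (Windows-only Trojan)", 27374: "SubSeven (Windows-only Trojan)",
    31337: "Back Orifice (Windows-only Trojan)",
    6346: "gnutella", 6667: "ircd", 6699: "napster",
    8000: "web cache/proxy", 8080: "web cache/proxy", 10000: "webmin",
}
KNOWN_PORTS.update({p: "X11" for p in range(6000, 6010)})
KNOWN_PORTS.update({p: "font server" for p in (7100, 7101)})

# Fields of interest in an iptables LOG line (assumed log format).
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def summarize(lines):
    """Return (proto, port, label, hits, distinct_sources), most-hit first."""
    hits, sources = Counter(), {}
    for line in lines:
        f = dict(FIELD.findall(line))
        if not f.get("DPT", "").isdigit():
            continue  # lines without a DPT field (e.g. ICMP echo) are skipped
        key = (f.get("PROTO", "?"), int(f["DPT"]))
        hits[key] += 1
        sources.setdefault(key, set()).add(f.get("SRC", "?"))
    return [(proto, port, KNOWN_PORTS.get(port, "not in the list above"),
             n, len(sources[(proto, port)]))
            for (proto, port), n in hits.most_common()]

# Constructed, abbreviated sample lines using documentation address ranges.
SAMPLE_LOG = """\
Mar  3 04:12:01 bigcat kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=3012 DPT=27374 SYN
Mar  3 04:12:04 bigcat kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=3012 DPT=27374 SYN
Mar  3 04:40:19 bigcat kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=4410 DPT=27374 SYN
Mar  3 05:02:33 bigcat kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=4411 DPT=6000 SYN
Mar  3 05:10:50 bigcat kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.5 PROTO=UDP SPT=1029 DPT=12345
Mar  3 05:11:02 bigcat kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
""".splitlines()

if __name__ == "__main__":
    for proto, port, label, n, srcs in summarize(SAMPLE_LOG):
        print(f"{proto:4} {port:6} {label:36} hits={n} sources={srcs}")
```

A port probed a few times from scattered sources and already dropped by the firewall is the background noise described above; the summary makes that pattern easy to see at a glance.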
8.3. Netstat Tutorial
8.3.1. Overview
netstat is a very useful utility for viewing the current state of your network status -- what servers are
listening for incoming connections, what interfaces they listen on, who is connected to us, who we are
connected to, and so on. Take a look at the man page for some of the many command line options. We'll just
use relatively few options here.
As an example, let's check all currently listening servers and active connections for both TCP and UDP on
our hypothetical host, bigcat. bigcat is a home desktop installation, with a DSL Internet connection in this
example. bigcat has two ethernet cards: one for the external connection to the ISP, and one for a small LAN
with an address of 192.168.1.1.
Security Quick−Start HOWTO for Red Hat Linux