
Looking at /etc/services, we can tell that port 37 is a "time" service, which is a time server. 6000 is
X11, and 80 is the standard port for HTTP servers like Apache. There is nothing really unusual here as these
are all readily available services on Linux.
The first two above are definitely not the kind of services you'd want just anyone to connect to. These should
be firewalled so that all outside connections are refused. Again, we can't tell from this output whether any
firewall is in place, much less how effectively implemented it may be.
The web server on port 80 is not a huge security risk by itself. HTTP is a protocol that is often open to all
comers. For instance, if we wanted to host our own home page, Apache can certainly do this for us. It is also
possible to firewall this off, so that it is available only to our LAN clients as part of an intranet. Obviously, too,
if you do not have a good justification for running a web server, then it should be disabled completely.
The next two lines are interesting:
    tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
Again notice the "Local Address" is not 0.0.0.0. This is good! The port this time is 53, or the DNS port
used by nameserver daemons like named. But we see the nameserver daemon is only listening on the lo
interface (localhost), and the interface that connects bigcat to the LAN. So the kernel only allows connections
from localhost, and the LAN. There will be no port 53 available to outside connections at all. This is a good
example of how individual applications can sometimes be securely configured. In this case, we are probably
looking at a caching DNS server, since a real nameserver responsible for answering DNS queries from the
outside world would have to have port 53 open to the world. That is a security risk and requires special handling.
The last three LISTENER entries:
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
These are back to listening on all available interfaces. Port 22 is sshd, the Secure Shell server daemon. This is
a good sign! Notice that the service for port 631 does not have a service name if we look at the output in the
first example. This might be a clue that something unusual is going on here. (See the next section for the
answer to this riddle.) And lastly, port 25, the standard port for the SMTP mail daemon. Most Linux
installations probably will have an SMTP daemon running, so this is not necessarily unusual. But is it
necessary?
The next grouping is established connections. For our purposes the state of the connection as indicated by the
last column is not so important. This is well explained in the man page.
    tcp        0      1 169.254.179.139:1174    64.152.100.93:119       SYN_SENT
    tcp        0      1 169.254.179.139:1175    64.152.100.93:119       SYN_SENT
    tcp        0      1 169.254.179.139:1173    64.152.100.93:119       SYN_SENT
    tcp        0      0 169.254.179.139:1172    207.153.203.114:80      ESTABLISHED
    tcp        1      0 169.254.179.139:1199    216.26.129.136:80       CLOSE_WAIT
    tcp        0      0 169.254.179.139:80      63.236.92.144:34197     TIME_WAIT
    tcp      400      0 127.0.0.1:1152          127.0.0.1:8000          CLOSE_WAIT
</tcp>
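The reading of the listener and connection groups above can be automated. The following Python script is an added example and is not part of the HOWTO: it parses lines in the column layout of "netstat -tan", labels each LISTEN socket by who can reach it (all interfaces, localhost only, or one specific interface), looks the port up in a small constructed subset of /etc/services, flags ports that listen on every interface but have no service name (the port 631 case), and tallies the remaining sockets by connection state. The sample lines are constructed to match the output discussed in this tutorial; the service table is assumed, not read from the real /etc/services.

```python
"""Classify sockets from `netstat -tan` output by exposure.

Added example, not taken from the HOWTO. A LISTEN socket bound to 0.0.0.0
accepts connections on every interface; one bound to 127.0.0.1 only from the
local host; one bound to a specific address only on that interface.
"""
from collections import Counter

# Constructed subset of /etc/services, just enough for the ports in the sample.
SERVICES = {
    22: "ssh", 25: "smtp", 37: "time", 53: "domain", 80: "http",
    119: "nntp", 6000: "x11",
}

# Sample lines, constructed to match the netstat output quoted in the tutorial.
SAMPLE = """\
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      1 169.254.179.139:1174    64.152.100.93:119       SYN_SENT
tcp        0      0 169.254.179.139:1172    207.153.203.114:80      ESTABLISHED
tcp        1      0 169.254.179.139:1199    216.26.129.136:80       CLOSE_WAIT
tcp      400      0 127.0.0.1:1152          127.0.0.1:8000          CLOSE_WAIT
"""


def parse_line(line):
    """Split one netstat -tan line into its fields; None for header/other lines."""
    fields = line.split()
    if len(fields) < 6 or fields[0] not in ("tcp", "tcp6"):
        return None
    proto, recvq, sendq, local, foreign, state = fields[:6]
    laddr, lport = local.rsplit(":", 1)      # rsplit: IPv6 addresses contain ':'
    faddr, fport = foreign.rsplit(":", 1)    # fport may be '*' for listeners
    return {"proto": proto, "recvq": int(recvq), "sendq": int(sendq),
            "laddr": laddr, "lport": int(lport),
            "faddr": faddr, "fport": fport, "state": state}


def exposure(laddr):
    """Describe who can reach a listener bound to this local address."""
    if laddr in ("0.0.0.0", "::"):
        return "all interfaces"
    if laddr.startswith("127.") or laddr == "::1":
        return "localhost only"
    return "one interface (%s)" % laddr


def classify_listeners(text):
    """Return (port, service name or '?', exposure) for each LISTEN socket."""
    out = []
    for line in text.splitlines():
        s = parse_line(line)
        if s and s["state"] == "LISTEN":
            out.append((s["lport"], SERVICES.get(s["lport"], "?"),
                        exposure(s["laddr"])))
    return out


def world_reachable_unknown(text):
    """Ports open on all interfaces with no /etc/services name: worth a closer look."""
    return [port for port, name, exp in classify_listeners(text)
            if name == "?" and exp == "all interfaces"]


def connection_states(text):
    """Count the non-LISTEN sockets by state (ESTABLISHED, SYN_SENT, ...)."""
    return Counter(s["state"] for s in map(parse_line, text.splitlines())
                   if s and s["state"] != "LISTEN")


if __name__ == "__main__":
    for port, name, exp in classify_listeners(SAMPLE):
        print("port %5d  %-8s %s" % (port, name, exp))
    print("unnamed, world-reachable:", world_reachable_unknown(SAMPLE))
    print("connections by state:", dict(connection_states(SAMPLE)))
```

To run it against a live system instead of the constructed sample, feed it the text of "netstat -tan"; the header line is skipped because its first field is not a protocol name.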
Security Quick−Start HOWTO for Red Hat Linux
8.3. Netstat Tutorial 51