LinuxQuestions.org
Old 02-18-2003, 01:30 PM   #1
loganwva
Member
 
Registered: Jul 2001
Location: West Virginia
Distribution: SuSE 9.1
Posts: 117

Rep: Reputation: 15
nmap scan


After doing an nmap scan on my Linksys router that has Mandrake 9.0 and Windows 2000 connected to it, I got these results. My question is: are any of these open ports used for trojans?

[root@linux /]# nmap -sU -sT 192.168.1.1

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.1.1):
(The 3062 ports scanned but not shown below are in state: closed)
Port State Service
53/udp open domain
67/udp open dhcpserver
69/udp open tftp
80/tcp open http
520/udp open route
1400/udp open cadkey-tablet
5050/udp open mmcc

Nmap run completed -- 1 IP address (1 host up) scanned in 11 seconds
[root@linux /]#

Thank you
 
Old 02-18-2003, 01:41 PM   #2
chrisk5527
Member
 
Registered: Oct 2002
Location: Michigan
Distribution: Slackware Linux 10.0
Posts: 289

Rep: Reputation: 30
Not necessarily, although the open ports are the ones most likely to be attacked by an intruder. Usually Trojans are the fault of either the user on the system, from downloads, or a person sitting down at the workstation and loading it manually. You may want to look into tightening up security, such as not allowing anonymous ftp access.

Chris
 
Old 02-18-2003, 01:47 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,311
Blog Entries: 54

Rep: Reputation: 2860
Besides that, here are some LQ notes on Linksys security: http://www.linuxquestions.org/questi...007#post157007
 
Old 02-18-2003, 02:27 PM   #4
loganwva
Member
 
Registered: Jul 2001
Location: West Virginia
Distribution: SuSE 9.1
Posts: 117

Original Poster
Rep: Reputation: 15
The tftp has me worried the most because I don't have a tftp server running, that I know of. If there is one how do I shut it down?
 
Old 02-18-2003, 03:57 PM   #5
chrisk5527
Member
 
Registered: Oct 2002
Location: Michigan
Distribution: Slackware Linux 10.0
Posts: 289

Rep: Reputation: 30
I'm not very familiar with Mandrake, but with RedHat and Slackware you can remove the line within the rc.M or rc.S file that brings up the tftp server. There must be an entry somewhere. If I were you, I would issue:
=========
cd /etc/rc.d
grep tftp *
=========
Just to see where the entry is within these files, and make sure they are commented out, with either a # or ;
 
Old 02-25-2003, 07:16 PM   #6
kater
Member
 
Registered: Feb 2003
Location: Switzerland, Berne
Distribution: Slackware 9.0
Posts: 186

Rep: Reputation: 30
Just uncomment the lines in /etc/inetd.conf
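
Added example, not part of the thread: the grep check from post #5, scripted so that commented-out lines are ignored and only tftp entries that are still active get reported. The function names, the xinetd.d check and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report tftp entries that are still active under a config root.
# Usage: active_tftp_entries [ROOT]   (ROOT "" means the real /etc)
active_tftp_entries() {
    root="${1:-}"
    # inetd.conf: a service line is active unless it starts with '#'
    f="$root/etc/inetd.conf"
    if [ -f "$f" ]; then
        grep -n -E '^[[:space:]]*tftp[[:space:]]' "$f" | sed "s|^|$f:|" || true
    fi
    # xinetd (assumption: present on this system): a service file is
    # active unless it contains "disable = yes"
    for f in "$root"/etc/xinetd.d/*; do
        [ -f "$f" ] || continue
        grep -q -E '^[[:space:]]*service[[:space:]]+tftp' "$f" || continue
        if ! grep -q -E '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            echo "$f: service tftp not disabled"
        fi
    done
    # rc scripts: lines mentioning tftp that do not start with '#'
    for f in "$root"/etc/rc.d/*; do
        [ -f "$f" ] || continue
        grep -n 'tftp' "$f" | grep -v -E '^[0-9]+:[[:space:]]*#' \
            | sed "s|^|$f:|" || true
    done
    return 0
}

# Constructed sample tree (not from the thread): one active inetd entry,
# one commented-out rc line, one xinetd service file that is disabled.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/rc.d" "$t/etc/xinetd.d"
    printf '%s\n' '#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        'tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd' \
        > "$t/etc/inetd.conf"
    printf '%s\n' '# /usr/sbin/in.tftpd' > "$t/etc/rc.d/rc.inet2"
    printf '%s\n' 'service tftp' '{' '    disable = yes' '}' \
        > "$t/etc/xinetd.d/tftp"
    echo "$t"
}

tree=$(make_sample_tree)
active_tftp_entries "$tree"   # pass "" instead to check the real system
rm -rf "$tree"
```

The scan in post #1 was run against 192.168.1.1, which the poster identifies as the Linksys router, so this check covers only the Linux host's own configuration.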
 
  

