LinuxQuestions.org
Old 03-25-2002, 02:33 PM   #1
Notfromkansas
Member
 
Registered: Nov 2001
Posts: 42

Rep: Reputation: 15
security risk?


I just scanned myself with nmap and it came up with the following:

Port State Service
111/tcp open sunrpc
1024/tcp open kdm
6000/tcp open X11
12345/tcp filtered NetBus
12346/tcp filtered NetBus

Do these present a security risk?

I hope someone can enlighten me and thank all who reply in advance.
 
Old 03-25-2002, 02:41 PM   #2
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Rep: Reputation: 16
Are you running any Sun systems on your network? If not, turn off that port 111/tcp sunrpc. Don't use that one. Also, you don't need the 1024/tcp open kdm port unless you need to administer the box from a remote location.
 
Old 03-25-2002, 02:55 PM   #3
Notfromkansas
Member
 
Registered: Nov 2001
Posts: 42

Original Poster
Rep: Reputation: 15
Firstly, I would like to thank you for your reply. I must say this forum is fast.

To be honest, I have no idea if I am running any Sun systems. I just installed Mandrake 8.2 today. What I do know is that I am not interested in being able to administer my computer remotely, so I would be grateful if you could tell me how I can turn that function off.

Just out of curiosity how would I log into my computer over the internet?
 
Old 03-25-2002, 03:26 PM   #4
jpweston
Member
 
Registered: Mar 2002
Location: Sacramento, CA
Distribution: Slackware 8.1; Debian 3.0
Posts: 222

Rep: Reputation: 30
Notfromkansas,

I just installed Slackware 8.0 and had to track down that blasted sunrpc service. I found that it was being started by the rc.portmapper (I believe that's the name) in /etc/inetd.conf

That file is fairly well commented, so you should have no problem finding where the portmapper is being started. When you find that line, just put a # at the beginning of it. That should prevent the service from starting again when you next boot.

Also, you can get rid of that X service on port 6000 by starting X using startx -- -nolisten tcp

Check this HOWTO for more on network security: http://www.linuxdoc.org/HOWTO/Securi...WTO/index.html

j.
 
Old 03-25-2002, 04:47 PM   #5
hanzerik
Member
 
Registered: Jan 2002
Location: Cheyenne Wyoming
Distribution: Debian/Raspbian/Mint
Posts: 717

Rep: Reputation: 32
Run ntsysv as root and uncheck portmap to turn off sunrpc services in the current runlevel.
Use:
ntsysv --level <1-5> to pick a different runlevel to modify, i.e.:
ntsysv --level 5 would modify runlevel 5 services if you are in runlevel 3.

Last edited by hanzerik; 03-25-2002 at 04:51 PM.
 
Old 03-26-2002, 03:24 PM   #6
Notfromkansas
Member
 
Registered: Nov 2001
Posts: 42

Original Poster
Rep: Reputation: 15

Thank you all, with your assistance, I was able to hinder portmapper from starting at boot. But since I do not start X manually, I was not able to make it start with "startx -- -nolisten tcp" so that it does not accept remote logins.

Does anyone know how this is done when X is started automatically on bootup?
 
Old 03-26-2002, 06:00 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2927
Depending on distro 'n all you'd look in /etc/X11/fs/config or add a $serverrc variable in /usr/X11R6/bin/startx as a global value.
 
Old 03-27-2002, 01:31 PM   #8
Notfromkansas
Member
 
Registered: Nov 2001
Posts: 42

Original Poster
Rep: Reputation: 15
Thank you for your reply unSpawn, but I think your suggestion was just a bit too complex for me. What I did was add -nolisten tcp to the last line of /etc/X11/xdm/Xservers. It seems to work, but do you see a problem in doing so?
 
Old 03-27-2002, 02:31 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2927
Heh, no, you're totally right about xdm/Xservers, my reply was only valid for X started by startx, not xdm.
 
Old 03-27-2002, 03:10 PM   #10
Notfromkansas
Member
 
Registered: Nov 2001
Posts: 42

Original Poster
Rep: Reputation: 15
Excellent, that takes care of port 6000; now I only need the kdm port 1024 and the strange Netbus ports.

Does anyone have a suggestion on those?
 
Old 03-28-2002, 04:38 PM   #11
Notfromkansas
Member
 
Registered: Nov 2001
Posts: 42

Original Poster
Rep: Reputation: 15
Anyone?
 
Old 03-28-2002, 07:48 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2927
For the kdm part I don't know, but for looking at the app listening on the "netbus" port you could try "lsof -i TCP" or "netstat -an -A inet -p". This will give you a listing of apps listening on TCP/UDP/RAW sockets with their Process ID. The PIDs matching the offending TCP port should match output from something like "ps ax -eo pid,args"; the "args" give you the command line the app is started with.

There are some minor caveats. Nmap comes with its own (excellent) copy of /etc/services, and lists more than the IANA assigned ports in /etc/services. Nmap can't know it's netbus listening on that port but just maps it to the entry in its list. The second caveat is serious only if your box would be cracked, because it's quite common for skiddies to change output by loading up "fixed" binaries that are/can be configured to just not show some ports etc etc, so only a remote scan could show open ports.

Since nmap states both "netbus" ports as filtered this shows your firewall is working, you could try the same for the kdm port and see if something breaks :-]
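
Added example (not part of the post above, and not code from lsof or netstat): the port-to-PID lookup that "netstat -an -A inet -p" performs can be reproduced by reading /proc directly, which helps when cross-checking tool output. The sample table is constructed using the ports from this thread; the function names and the little-endian address layout are assumptions of this sketch.

```python
import os
import socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0400 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0100007F:8A3C 0100007F:1770 01 00000000:00000000 00:00000000 00000000   500        0 1004 1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def listening_sockets(text):
    """Return [(ip, port, inode)] for every socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        # IPv4 address is a host-order u32 in hex; little-endian host assumed.
        ip = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
        found.append((ip, int(port_hex, 16), int(f[9])))
    return found


def socket_owners(inodes, proc_root="/proc"):
    """Map socket inode -> sorted PIDs holding it, via /proc/<pid>/fd links."""
    owners = {i: set() for i in inodes}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we lack permission (not root)
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith("socket:[") and target.endswith("]"):
                inode = int(target[8:-1])
                if inode in owners:
                    owners[inode].add(int(pid))
    return {i: sorted(p) for i, p in owners.items()}
```

On a live system, pass the contents of /proc/net/tcp to listening_sockets() and run socket_owners() as root so every process's fd directory is readable.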
 
Old 04-04-2002, 11:30 AM   #13
Notfromkansas
Member
 
Registered: Nov 2001
Posts: 42

Original Poster
Rep: Reputation: 15
Thanks a lot for your advice, I will have a look at it.
 
  

