running nmap against evilentity linux
I ran this scan on my Debian laptop against EvilEntity linux fresh install (also on my network)
some results:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
37/tcp open time
79/tcp open finger
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
513/tcp open login
514/tcp open shell
515/tcp open printer
666/tcp open doom
On my windowsXP fresh install there are no open ports. |
so... Do you have a question?
|
Shut down the services not needed.
139/tcp open netbios-ssn Also this is a windows port, are you running samba? Why did you not find the same port on windows? |
I just happen to like an installation that lets me choose which ports I want open.
It does not 'appear' professional otherwise. What is port 666 for instance? I installed several versions of linux/unix and none of them have open ports out of the box or fresh install. I can think of good reasons for keeping this operating system and perhaps learn from doing so.. Just my opinion and I thought my post would be of help! |
port 666 is for the game doom or many windows trojans, so I find it hard to believe this is a port scan of a linux box.
|
I assume you have EvilEntity linux.
I ran a port scan on DSL Debian laptop that is dual booted with WindowsXP against a dialup connection (EvilEntity). I used the /sbin/ifconfig to get the IP address (of EE) and did a netstat -n to see if all those ports were being listened on. I used the same phone line which I don't think should make a difference any more than if I cross cabled my two computers together. Go figure, perhaps I got it wrong. The netstat -n and netstat -a confirmed that several of the above ports were being listened on on EE. My port scan also confirmed that the scan was made from the evilentity IP address. I need to read something on sockets and check out the /etc/services or the daemons super server on EvilEntity. I think you can name it (socket server) anything so maybe 666/tcp doom is not what it says it is. I should have posted my remarks to EvilEntity--however (they) are not responsive. |
I have never used evilentity linux or evilentity anything for that matter. Here is the nmap against my (Slackware) linux windows-file server:
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-07 22:18 CST
Interesting ports on . (192.168.10.3):
(The 65528 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Nmap run completed -- 1 IP address (1 host up) scanned in 31.673 seconds
Checks out okay, nothing funny. Now a stock install Slackware 10.1 using official CDs, don't know if it matters though:
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-07 22:25 CST
WARNING: We could not determine for sure which interface to use, so we are guessing 127.0.0.1 . If this is wrong, use -S <my_IP_address>.
Interesting ports on localhost (127.0.0.1):
(The 65528 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
Nmap run completed -- 1 IP address (1 host up) scanned in 0.467 seconds
Now that is even better. Also I am behind a hardware firewall. I also checked out evilentity linux and it is still beta, if that matters. I have never seen so many open ports by default and I have tried many distros. That is crazy. |
Thanks for your response.
I should also go to sygate's online scanner for a double check. All the ports can be easily closed by placing the pound sign on the unneeded daemons in inetd.conf.
# ssj telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
also important after commenting the daemon
kill -HUP $(cat /var/run/inetd.pid)
then try 'netstat -ta' will tell you if the port is closed. |
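Added example, not part of the thread: the inetd.conf clean-up described in the post above, done as an audit script over a constructed sample file instead of /etc/inetd.conf. The function names (make_sample, enabled_services, disable_except) and the sample entries are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: list what inetd would start, then comment out everything
# that is not on a keep list. Runs on a constructed sample, not /etc/inetd.conf.

# Constructed sample in inetd.conf layout:
# service  socket  proto  wait-flag  user  server  args
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
#time   stream  tcp  nowait  root    internal
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd       in.fingerd
auth    stream  tcp  wait    root    /usr/sbin/in.identd  in.identd
EOF
}

# Services inetd would listen for: field 1 of every non-blank, non-comment line.
enabled_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# Comment out every enabled service in file $1 that is not named in the
# space-separated keep list $2. The edited file is written to stdout.
disable_except() {
    awk -v keep=" $2 " '
        /^[ \t]*(#|$)/          { print; next }   # comments and blanks unchanged
        index(keep, " " $1 " ") { print; next }   # wanted service stays enabled
                                { print "#" $0 }  # everything else gets the pound sign
    ' "$1"
}

# Demo on the constructed sample.
conf=$(mktemp)
make_sample "$conf"
echo "enabled before:" $(enabled_services "$conf")
disable_except "$conf" "auth" > "$conf.new"
echo "enabled after: " $(enabled_services "$conf.new")
rm -f "$conf" "$conf.new"
```

On a real system the edited file only takes effect after inetd re-reads it, which is what the kill -HUP in the post does; the netstat -ta check afterwards confirms the listeners are gone.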
I disable rc.ssh and rc.sendmail in the setup of Slackware, so there are no ports open for me. |