topic Re: about port scaning in Operating System - HP-UX

about port scaning

lin.chen — Sun, 02 Sep 2007 05:43:42 GMT

We have used the security software "ISS" to scan the system.The report shows that we have vulnerablity about "ident".
So i have to stop identd by modify "inetd.conf" and "/etc/services",then i take them effect by run "inetd -c",
But after the second scanning,it still show the vulnerablity about "ident".
Could you tell me what should I do？

Louis

Re: about port scaning

Steven E. Protter — Sun, 02 Sep 2007 06:02:40 GMT

Shalom,

Please specify what changes you made to inetd.conf.

Try inetd -k

followed by

inetd

See if it makes any difference. Check /var/adm/syslog/syslog.log

SEP

Re: about port scaning

lin.chen — Sun, 02 Sep 2007 10:42:39 GMT

I have done as follows
1.comment this line in /etc/inetd.conf
#auth stream tcp6 wait bin /usr/lbin/identd identd

2.comment this line in /etc/services
#auth 113/tcp authentication

3.inetd -c

Re: about port scaning

lin.chen — Sun, 02 Sep 2007 10:45:31 GMT

i saw from netstat -na
tcp 0 0 *.113 *.* LISTEN
How can i close TCP port 113?
louis

Re: about port scaning

Rajesh SB — Mon, 03 Sep 2007 04:42:34 GMT

HI Louis,

To close TCP port, find out which application service is using this port using "lsof" utility. So you can halt that specific service. If lsof is installed on system. If it is not installed, source is avaliable at

http://hpux.connect.org.uk/hppd/cgi-bin/search?package=on&description=on&term=lsof

Regards,
Rajesh SB