topic Re: Port vulnerability in Operating System - HP-UX

Port vulnerability

Javier Ortiz Guajardo — Wed, 21 Jan 2004 14:30:34 GMT

i have some questions about the ports configuring in the file /etc/services HPUX 11.0

How can i know what ports is in use by my system ?

Do you have a recommendation about removing ports in the services file?

how can i identify the ports vulnerable to my system?

thanks.

Re: Port vulnerability

Steven E. Protter — Wed, 21 Jan 2004 14:34:09 GMT

/etc/services is a reservation system.

Thats a good start.

Oracle doesn't bother using it

netstat -an | more

will let you complile a more complete list.

It will show the ports whether or not its reserved.

You need to be careful with ports 1-1024 because thats root lannd and problems will have a large impact on your system.

SEP

Re: Port vulnerability

Sridhar Bhaskarla — Wed, 21 Jan 2004 14:35:03 GMT

Hi,

You can look at all the opened ports on the system by using the command 'netstat -an |grep LISTEN'

A good rule is not to disable everything and open only the ones that are required.

It is not necessary that all the ports will be listed in /etc/services. You can write your own program that will listen at a port.

-Sri

Re: Port vulnerability

Jeff Schussele — Wed, 21 Jan 2004 14:35:07 GMT

Hi Javier,

1) Run netstat -an & all ports in use or in a listening state will be listed. Suggest you output to a file as this is usually a long list.

2) No need to remove anything from the services file. This is merely a lookup file for the inetd daemon & is used to put a "name" on a port. It should be noted that one doesn't have to have an entry in the services file for the request to be serviced by inetd.

3) A portscan tool can be used to determine just what ports the system will respond to. Services can be turned off/on by editing the /etc/inetd.conf file. Access can be granted/denied several ways - by using the /var/adm/inetd.sec file or through a program like tcp-swappers.

HTH,
Jeff

Re: Port vulnerability

Jeff Schussele — Wed, 21 Jan 2004 14:37:30 GMT

Wow - that was a weird typo...he..he..he

Should be tcp-wrappers of course

LOL,
Jeff

Re: Port vulnerability

Bill Hassell — Wed, 21 Jan 2004 14:44:03 GMT

I take the turn-off-everything approach for new systems. /etc/inetd.conf defines the services that will be listening to the LAN card, so I remove (comment out) every service except telnet and perhaps ftp. Then add services when needed. That way, you don't have to worry about turning off a service and wondering what breaks. The majority of services in /etc/inetd.conf can be disabled as they are legacy (time, daytime, chargen, discard, ntalk, uucp and so on) tools and not used by modern applications.

Re: Port vulnerability

Andrew Cowan — Thu, 22 Jan 2004 03:45:53 GMT

If you are examining ports on your system download "lsof" from the HP Porting Centre. Remember that not all ports/daemons are controlled by inetd.

You should also read the man pages for "inetd.sec".

Good luck,
Andrew

Re: Port vulnerability

Vijaya Kumar_3 — Thu, 22 Jan 2004 03:54:57 GMT

Also, i will suggest a great utility called nmap for port scanning. You can list both tcp and udp ports opened on a server using this utility. Let me give you one example:

bash-2.05# nmap 172.25.5.51

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on tserver (172.25.5.51):
(The 1528 ports scanned but not shown below are in state: closed)
Port State Service
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open loc-srv
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1030/tcp open iad1
1031/tcp open iad2
1080/tcp open socks
1103/tcp open xaudio
8082/tcp open blackice-alerts

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
bash-2.05#

Hope this helps
-Vijay