HPE Community
Operating System - HP-UX
1834375 Members
3154 Online
110066 Solutions
New Discussion

Re: Port Scan, security?

 
HPP
Regular Advisor

‎04-23-2001 04:56 AM

‎04-23-2001 04:56 AM

Port Scan, security?

Hi,
We are running HP-UX 10.20 and HP-UX 11.00. We have setup system level security and network security. Everyday some hacker tries to Scan the Ports on different servers. We have Klaxon deamon running on all these server and whenever somebody tries to Scan the port on any server, it sends out alert to system admin.
1.Is their way to track the outsider activities on the server apart from syslog, deamon.log?
2. Can someone explain more about Port Scan or give some link on web where i can learn more about Port Scan and Security.
3. Also we have BIND 9.1.1 running on HP-UX 10.20. How secure is BIND 9.1.1?
4. Any utilities available on HP-UX 10.20 and 11.00 for Security Checking. Any tips on making HP-UX more secure?

Please help.
Thanks in advance.

Be Teachable
0 Kudos
Reply
4 REPLIES 4
Barry O Flanagan
Respected Contributor

‎04-23-2001 05:06 AM

‎04-23-2001 05:06 AM

Re: Port Scan, security?

First things first: do you have a firewall? If so your firewall logs should tell you where traffic directed at certain machines is coming from. If you can get this info, do a WHOIS on the IP and you can work out where/who this person is. If you do have a firewall it might be worth checking what ports are open to which servers.

If you don't, or the port scan is internal then you need to harden your O/S see http://people.hp.se/stevesk/bastion11.html for how to harden your HP system, to make yourself more difficult to scan.

"nmap" is a good port scanner and you can use it yourself to scan your own systems after you harden them to show up any security holes.

Thats my 2 cents...
0 Kudos
Reply
HPP
Regular Advisor

‎04-23-2001 05:53 AM

‎04-23-2001 05:53 AM

Re: Port Scan, security?

Barry O'Flanagan,
Thanks for your quick response. Where can i get "nmap" untility? Is it available from HP or its freeware?
The link you provided has good security stuff.

Thanks



Be Teachable
0 Kudos
Reply
Stefan Schulz
Honored Contributor

‎04-23-2001 06:10 AM

‎04-23-2001 06:10 AM

Re: Port Scan, security?

You can get nmap from the Software Porting Archive (http://hpux.connect.org.uk/). There is also another scanner available called "iss", and perhaps more. And yes, nmap is free.

You will also find a goot TCP sniffer called ethereal there. So you could analyze the ambigous TCP packets.

But my first thing would be to check the firewall. You have a firewall, don't you ;-)
No Mouse found. System halted. Press Mousebutton to continue.
0 Kudos
Reply
Paul Hawkins
Frequent Advisor

‎04-23-2001 06:23 AM

‎04-23-2001 06:23 AM

Re: Port Scan, security?

If your server security has been compromised then it may be difficult to track what the intruder has modified/changed/deleted/added etc... I use Tripwire (free software). You build a database of digital signatures of your system files (or any other files for that matter). If any of the files are changed, or files added to directories you will know about it.
This is obviously not a first line of defence measure but it is majorly important to know what has been interfered with after an attack.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.