
Re: Port Scan, security?

 
HPP
Regular Advisor

Port Scan, security?

Hi,
We are running HP-UX 10.20 and HP-UX 11.00. We have set up system level security and network security. Every day some hacker tries to scan the ports on different servers. We have the Klaxon daemon running on all these servers, and whenever somebody tries to scan the ports on any server, it sends out an alert to the system admin.
1. Is there a way to track the outsider activities on the server apart from syslog, deamon.log?
2. Can someone explain more about Port Scan or give some link on the web where I can learn more about Port Scan and Security?
3. Also we have BIND 9.1.1 running on HP-UX 10.20. How secure is BIND 9.1.1?
4. Any utilities available on HP-UX 10.20 and 11.00 for Security Checking. Any tips on making HP-UX more secure?

Please help.
Thanks in advance.

Be Teachable
Barry O Flanagan
Respected Contributor

Re: Port Scan, security?

First things first: do you have a firewall? If so your firewall logs should tell you where traffic directed at certain machines is coming from. If you can get this info, do a WHOIS on the IP and you can work out where/who this person is. If you do have a firewall it might be worth checking what ports are open to which servers.

If you don't, or the port scan is internal, then you need to harden your O/S; see http://people.hp.se/stevesk/bastion11.html for how to harden your HP system, to make yourself more difficult to scan.

"nmap" is a good port scanner and you can use it yourself to scan your own systems after you harden them to show up any security holes.

That's my 2 cents...
HPP
Regular Advisor

Re: Port Scan, security?

Barry O'Flanagan,
Thanks for your quick response. Where can I get the "nmap" utility? Is it available from HP or is it freeware?
The link you provided has good security stuff.

Thanks



Be Teachable
Stefan Schulz
Honored Contributor

Re: Port Scan, security?

You can get nmap from the Software Porting Archive (http://hpux.connect.org.uk/). There is also another scanner available called "iss", and perhaps more. And yes, nmap is free.

You will also find a good TCP sniffer called ethereal there. So you could analyze the ambiguous TCP packets.

But my first thing would be to check the firewall. You have a firewall, don't you ;-)
No Mouse found. System halted. Press Mousebutton to continue.
Paul Hawkins
Frequent Advisor

Re: Port Scan, security?

If your server security has been compromised then it may be difficult to track what the intruder has modified/changed/deleted/added etc... I use Tripwire (free software). You build a database of digital signatures of your system files (or any other files for that matter). If any of the files are changed, or files added to directories you will know about it.
This is obviously not a first line of defence measure but it is majorly important to know what has been interfered with after an attack.