HPE Community
Operating System - HP-UX
1822551 Members
2992 Online
109642 Solutions
New Discussion юеВ

Port vulnerability

 
SOLVED
Go to solution
Javier Ortiz Guajardo
Frequent Advisor

тАО01-21-2004 06:30 AM

тАО01-21-2004 06:30 AM

Port vulnerability

i have some questions about the ports configuring in the file /etc/services HPUX 11.0

How can i know what ports is in use by my system ?

Do you have a recommendation about removing ports in the services file?

how can i identify the ports vulnerable to my system?

thanks.

The obstacles are those things that the people see when they left to see their goals.
0 Kudos
Reply
7 REPLIES 7
Steven E. Protter
Exalted Contributor

тАО01-21-2004 06:34 AM

тАО01-21-2004 06:34 AM

Solution

Re: Port vulnerability

/etc/services is a reservation system.

Thats a good start.

Oracle doesn't bother using it


netstat -an | more

will let you complile a more complete list.

It will show the ports whether or not its reserved.

You need to be careful with ports 1-1024 because thats root lannd and problems will have a large impact on your system.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Sridhar Bhaskarla
Honored Contributor

тАО01-21-2004 06:35 AM

тАО01-21-2004 06:35 AM

Re: Port vulnerability

Hi,

You can look at all the opened ports on the system by using the command 'netstat -an |grep LISTEN'

A good rule is not to disable everything and open only the ones that are required.

It is not necessary that all the ports will be listed in /etc/services. You can write your own program that will listen at a port.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
Reply
Jeff Schussele
Honored Contributor

тАО01-21-2004 06:35 AM

тАО01-21-2004 06:35 AM

Re: Port vulnerability

Hi Javier,

1) Run netstat -an & all ports in use or in a listening state will be listed. Suggest you output to a file as this is usually a long list.

2) No need to remove anything from the services file. This is merely a lookup file for the inetd daemon & is used to put a "name" on a port. It should be noted that one doesn't have to have an entry in the services file for the request to be serviced by inetd.

3) A portscan tool can be used to determine just what ports the system will respond to. Services can be turned off/on by editing the /etc/inetd.conf file. Access can be granted/denied several ways - by using the /var/adm/inetd.sec file or through a program like tcp-swappers.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Jeff Schussele
Honored Contributor

тАО01-21-2004 06:37 AM

тАО01-21-2004 06:37 AM

Re: Port vulnerability

Wow - that was a weird typo...he..he..he

Should be tcp-wrappers of course

LOL,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО01-21-2004 06:44 AM

тАО01-21-2004 06:44 AM

Re: Port vulnerability

I take the turn-off-everything approach for new systems. /etc/inetd.conf defines the services that will be listening to the LAN card, so I remove (comment out) every service except telnet and perhaps ftp. Then add services when needed. That way, you don't have to worry about turning off a service and wondering what breaks. The majority of services in /etc/inetd.conf can be disabled as they are legacy (time, daytime, chargen, discard, ntalk, uucp and so on) tools and not used by modern applications.


Bill Hassell, sysadmin
Reply
Andrew Cowan
Honored Contributor

тАО01-21-2004 07:45 PM

тАО01-21-2004 07:45 PM

Re: Port vulnerability

If you are examining ports on your system download "lsof" from the HP Porting Centre. Remember that not all ports/daemons are controlled by inetd.

You should also read the man pages for "inetd.sec".

Good luck,
Andrew
Reply
Vijaya Kumar_3
Respected Contributor

тАО01-21-2004 07:54 PM

тАО01-21-2004 07:54 PM

Re: Port vulnerability

Also, i will suggest a great utility called nmap for port scanning. You can list both tcp and udp ports opened on a server using this utility. Let me give you one example:


bash-2.05# nmap 172.25.5.51

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on tserver (172.25.5.51):
(The 1528 ports scanned but not shown below are in state: closed)
Port State Service
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open loc-srv
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1030/tcp open iad1
1031/tcp open iad2
1080/tcp open socks
1103/tcp open xaudio
8082/tcp open blackice-alerts


Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
bash-2.05#

Hope this helps
-Vijay
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.