HPE Community
Operating System - Linux
1827808 Members
2550 Online
109969 Solutions
New Discussion

Re: A Bunny for testing my FTP and Telnet access

 
SOLVED
Go to solution
Vernon Brown_4
Trusted Contributor

‎04-02-2004 02:44 AM

‎04-02-2004 02:44 AM

A Bunny for testing my FTP and Telnet access

Four times this week; latest this morning; my Apache server would not boot; had to reformat and restore from backups. I suspect maybe it is being hacked.

I've tried to set up Ipchains to block FTP and Telnet access from the Internet while allowing it from my LAN. You should not be able to telnet or ftp to:

stkusers.com

but http should work. Test it for a bunny ??

HP 8500 running RedHat 7.1 Apache server which doubles as a proxy for my LAN to the internet.

Thanks;
Vern
0 Kudos
Reply
15 REPLIES 15
Alexander Chuzhoy
Honored Contributor

‎04-02-2004 02:50 AM

‎04-02-2004 02:50 AM

Solution

Re: A Bunny for testing my FTP and Telnet access

all of the specified above is open .i.e. I could connect to ftp, telnet and http.


Reply
Nicolas Dumeige
Esteemed Contributor

‎04-02-2004 02:51 AM

‎04-02-2004 02:51 AM

Re: A Bunny for testing my FTP and Telnet access

This is for the http :

Welcome to Stkusers home page
Here you will find free horse race handicapping and analysis software and our professional Stk2002 handicapping and analysis system.
[ 4409 ]

For FTP and telent, what is the IP to test ?
All different, all Unix
0 Kudos
Reply
Nicolas Dumeige
Esteemed Contributor

‎04-02-2004 03:16 AM

‎04-02-2004 03:16 AM

Re: A Bunny for testing my FTP and Telnet access

Alexander, that's kind of a paid hack !
All different, all Unix
0 Kudos
Reply
Vernon Brown_4
Trusted Contributor

‎04-02-2004 03:26 AM

‎04-02-2004 03:26 AM

Re: A Bunny for testing my FTP and Telnet access

Thanks;

I'm still trying to turn off telnet and FTP.

I just removed port 21 and 23 from my Ipchains ACCEPT list. Another try ??

IP is 66.112.33.128

0 Kudos
Reply
Hazem Mahmoud_3
Respected Contributor

‎04-02-2004 04:33 AM

‎04-02-2004 04:33 AM

Re: A Bunny for testing my FTP and Telnet access

I was able to telnet (get a login prompt) but I was not able to ftp. So it looks like you were able to turn off the ftp port but the telnet port is still active.

-Hazem
Reply
Hazem Mahmoud_3
Respected Contributor

‎04-02-2004 04:35 AM

‎04-02-2004 04:35 AM

Re: A Bunny for testing my FTP and Telnet access

Actually, let me take that back. I was also able to ftp. It just took a long time, but I was able to get a prompt.

-Hazem
Reply
Vernon Brown_4
Trusted Contributor

‎04-02-2004 04:41 AM

‎04-02-2004 04:41 AM

Re: A Bunny for testing my FTP and Telnet access

Thanks guys !!

Looks like I have more work to do.
0 Kudos
Reply
Hazem Mahmoud_3
Respected Contributor

‎04-02-2004 04:49 AM

‎04-02-2004 04:49 AM

Re: A Bunny for testing my FTP and Telnet access

Vernon,
Did you restart xinet.d after making the changes?

-Hazem
Reply
Vernon Brown_4
Trusted Contributor

‎04-02-2004 07:54 AM

‎04-02-2004 07:54 AM

Re: A Bunny for testing my FTP and Telnet access

I think I don't understand everything I know about ipchains. I did reboot after removing ports 21 and 23. First I removed my commenting them out; didn't work; so then I deleted them; didn't work.

I'll try switching to IPTables. I think I still have instructions that SEP posted.

Thanks for all your help !!
0 Kudos
Reply
Peeyush
Regular Advisor

‎04-02-2004 08:29 AM

‎04-02-2004 08:29 AM

Re: A Bunny for testing my FTP and Telnet access

Since u r working on it vermon, keep the follwing in mind.....

this is report of all ur open port..

Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
135/tcp filtered loc-srv
139/tcp filtered netbios-ssn
161/tcp filtered snmp
443/tcp open https
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
707/tcp filtered unknown
1024/tcp open kdm
4444/tcp filtered krb524

go to http://geocities.com/peeyush_maurya/
and look for
- List of all Application Ports
- List of all Trojan Ports
will show u what some ports means

work on SMTP :::can be used for spamming

if u r not comfortable with iptables ...try fwbuilder http://www.fwbuilder.org/

Regards
Peeyush
any suggestion for my site.. http://geocities.com/peeyush_maurya/
Reply
Hazem Mahmoud_3
Respected Contributor

‎04-02-2004 10:39 AM

‎04-02-2004 10:39 AM

Re: A Bunny for testing my FTP and Telnet access

I think actually for Red Hat 7.1, you should use iptables (see this site: http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html).

Below are the step-by-step instructions on how to do it:

http://www.webmo.net/support/linux72.html

Hope that helps! The weekend is here!!!

-Hazem
0 Kudos
Reply
Vernon Brown_4
Trusted Contributor

‎04-02-2004 10:50 AM

‎04-02-2004 10:50 AM

Re: A Bunny for testing my FTP and Telnet access

Thanks; I have switched to iptables; now to get the rules to do what I need :o)
0 Kudos
Reply
Peeyush
Regular Advisor

‎04-02-2004 11:00 AM

‎04-02-2004 11:00 AM

Re: A Bunny for testing my FTP and Telnet access

verm

use following command to scan ur/any ip for open ports, it helps to check ur own and others security

#nmap -sS 1.2.3.4

where 1.2.3.4 is ur IP

Regards,
Peeyush
any suggestion for my site.. http://geocities.com/peeyush_maurya/
Reply
Martin P.J. Zinser
Honored Contributor

‎04-03-2004 11:07 AM

‎04-03-2004 11:07 AM

Re: A Bunny for testing my FTP and Telnet access

Hello Vern,

an just in case you do not have nmap around it can be found at

http://www.insecure.org/nmap/

Greetings, Martin
Reply
Vernon Brown_4
Trusted Contributor

‎04-03-2004 12:07 PM

‎04-03-2004 12:07 PM

Re: A Bunny for testing my FTP and Telnet access

Thanks Martin; I didn't have it. Your link saved me lots of looking :o)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.