On 0, Marc Shapiro <[EMAIL PROTECTED]> wrote: [snip] > Port Service Comments > 9 discard What is this?
See http://www.sockets.com/rfc863.txt - your machine allows connections on this port and throws any data sent to it to /dev/null. > 13 daytime What is this? Try 'telnet localhost 13'. It tells you the day and the time and closes the connection. Probably not exploitable... > 21 ftp OK Not really OK. I'd disable this and use scp instead. FTP puts your passwords on the network in plaintext. > 22 unassigned Is this talkd? This is ssh. Leave it there, it is a Good Thing. > 23 telnet OK Not really OK. It puts your passwords on the network in plaintext. I'd disable it and use ssh (which also provides scp). > 25 smtp I dont have smtpd running and do > not plan to set up a mail server. > Is this exim listening here? Probably exim. Someone else suggested a way to make exim only listen on the local interface. I would add that it is worth not uninstalling exim, since some user agents (such as mutt) need it to transport out-going mail. > 37 time This should stay? Try 'telnet localhost 37'. This spits the current date and time, as the numbers of seconds since 00:00 01/01/1900 GMT, as a 32-bit number. Probably not exploitable. > 79 finger This is gone, already. > 111 sun RPC portmapper? Do I need this? Only if you're using NFS or NIS. > 113 authentication What is this? See http://www.faqs.org/rfcs/rfc912.html. Try this: $ telnet localhost Username: <yourusername> Password: <yourpassword> $ netstat -a | grep localhost | grep ESTABLISHED <pick out the one that's your telnet connection you just established, and note the port numbers> $ telnet localhost 113 3925,6000 <- You type this 3925 , 6000 : USERID : UNIX :tkcook <- Server response ^] telnet> quit $ You may have legitimate security concerns about this; it will tell you which user owns a connection without itself authenticating. Google is your friend! I found all the info above with a google search for, eg, 'authentication port 113' (although I had to go to the second page of hits for that one). All of these protocols are defined in RFCs. Tom -- Tom Cook Information Technology Services, The University of Adelaide Do not meddle in the affairs of dragons, for you are crunchy, and taste good with ketchup. Get my GPG public key: https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au
msg07299/pgp00000.pgp
Description: PGP signature