I know you definitely don't want the finger port open, and you probably more than likely don't want the sunrpc or listen ports open. The other one I'd question the need for is the cvspserver.
Hope that helps

Robb

-----Original Message-----
From: Steve Buehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 9:24 AM
To: [EMAIL PROTECTED]
Subject: Re: How can I take action on the hacker if I manager to get his IP address

I downloaded and ran the nmap program on all of my servers. Does the "shell" really need to be on? I noticed that only one of my servers has that turned on. The list below is for the server that has the most open ports. The difference between this server and the others is that the following ports are open here, but not on the others (and I am not sure if they should be on or off): finger, sunrpc, login, shell, submission, kdm, listen, cvspserver, ppp, nessusd.

21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
79/tcp    open  finger
80/tcp    open  http
98/tcp    open  linuxconf
109/tcp   open  pop-2
110/tcp   open  pop-3
111/tcp   open  sunrpc
113/tcp   open  auth
143/tcp   open  imap2
443/tcp   open  https
513/tcp   open  login
514/tcp   open  shell
587/tcp   open  submission
1024/tcp  open  kdm
1025/tcp  open  listen
2401/tcp  open  cvspserver
3000/tcp  open  ppp
3001/tcp  open  nessusd
3306/tcp  open  mysql

At 06:26 AM 5/3/2002, [EMAIL PROTECTED] wrote:
>I would use nmap to do a local portscan to see which services are running and
>disable those you do not need.
>
>On Fri, 3 May 2002 06:50:26 -0700 "Jim Bija" <[EMAIL PROTECTED]> wrote:
> >If he caused 5 thousand dollars or more in damage (which includes any and
> >all things needed to be done to reverse what he did, people's time etc) and
> >what he did had malicious intent.. call your local F.B.I. they will take
> >care of him.
> >I caught someone on a small ISP and called the feds. I handed this punk over
> >to the FBI on a silver platter. Turned out he was part of a HUGE distributed
> >DOS network, one of the places they were attacking was
> >whitehouse.gov..heh...after a while I asked, so what's going on with the case
> >and it turned into a
> >"I can no longer comment on the ongoing case, thanks for your help"...
> >Jim.
> >
> >----- Original Message -----
> >From: "Tsing Moh Lim" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Friday, May 03, 2002 2:26 AM
> >Subject: How can I take action on the hacker if I manager to get his IP
> >address
> >
> >> My server was hacked and I managed to capture the ip address with date and
> >> time on a remote logging system.
> >>
> >> How can I take action against him or warn him?
> >>
> >> Is there a tool that I could use to check on my server vulnerability.
> >>
> >> Thanks and regards
> >>
> >> Moke
> >>
> >> _______________________________________________
> >> Redhat-list mailing list
> >> [EMAIL PROTECTED]
> >> https://listman.redhat.com/mailman/listinfo/redhat-list
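
The comparison described in the thread (which ports are open on the busiest server but not on the others), as an added example that is not part of the original messages. BUSY is the port table quoted above; OTHERS is a constructed baseline (that table minus the ten services named as open only on this server), and the function names and the ADVICE table, which encodes only the verdicts given in the reply at the top, are assumptions of this example.

```python
import re

# Matches one row of nmap's port table; works on line-per-port or flattened text.
ROW = re.compile(r"\b(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_open_ports(nmap_text):
    """Return {(port, proto): service} for every row whose state is 'open'."""
    return {(int(m[1]), m[2]): m[3] for m in ROW.finditer(nmap_text)}

def only_on(host, baseline):
    """Ports open on host but not in baseline, sorted by port number."""
    return sorted((key, host[key]) for key in host.keys() - baseline.keys())

# Port table quoted in the thread for the server with the most open ports.
BUSY = (
    "21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain "
    "79/tcp open finger 80/tcp open http 98/tcp open linuxconf "
    "109/tcp open pop-2 110/tcp open pop-3 111/tcp open sunrpc "
    "113/tcp open auth 143/tcp open imap2 443/tcp open https "
    "513/tcp open login 514/tcp open shell 587/tcp open submission "
    "1024/tcp open kdm 1025/tcp open listen 2401/tcp open cvspserver "
    "3000/tcp open ppp 3001/tcp open nessusd 3306/tcp open mysql"
)
# Constructed baseline standing in for the scans of the other servers.
OTHERS = (
    "21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain "
    "80/tcp open http 98/tcp open linuxconf 109/tcp open pop-2 "
    "110/tcp open pop-3 113/tcp open auth 143/tcp open imap2 "
    "443/tcp open https 3306/tcp open mysql"
)
# Verdicts from the reply at the top of the thread; anything else is unreviewed.
ADVICE = {"finger": "close", "sunrpc": "probably close",
          "listen": "probably close", "cvspserver": "question the need"}

def report(host_text, baseline_text):
    """List (port, proto, service, verdict) for ports open only on the host."""
    extra = only_on(parse_open_ports(host_text), parse_open_ports(baseline_text))
    return [(port, proto, svc, ADVICE.get(svc, "unreviewed"))
            for (port, proto), svc in extra]

if __name__ == "__main__":
    for port, proto, svc, verdict in report(BUSY, OTHERS):
        print(f"{port}/{proto:<4} {svc:<11} {verdict}")
```

If the scan was run without version detection, the service names are nmap's lookup by port number, so check on the host which process actually owns a port such as 1024 (kdm) or 3001 (nessusd) before deciding what to disable.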