TCLUG Archive
security
Two security questions:
On a server, I have /etc/hosts.deny ALL:ALL and hosts.allow
ALL: 192.168.1.0/255.255.255.0 --intranet has full access
sshd: ALL -- everyone has ssh
I ran nmap on this server from outside the intranet and it says lots of
things are open:
Starting nmap V. 2.02 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on sf-usr4-21-149.dialup.slip.net (207.171.246.149):
Port    State       Protocol  Service
21      open        tcp       ftp
22      open        tcp       unknown
23      open        tcp       telnet
25      open        tcp       smtp
37      open        tcp       time
53      open        tcp       domain
70      open        tcp       gopher
79      open        tcp       finger
80      open        tcp       http
98      open        tcp       linuxconf
109     open        tcp       pop-2
110     open        tcp       pop-3
111     open        tcp       sunrpc
113     open        tcp       auth
137     filtered    tcp       netbios-ns
138     filtered    tcp       netbios-dgm
139     filtered    tcp       netbios-ssn
143     open        tcp       imap
513     open        tcp       login
514     open        tcp       shell
895     open        tcp       unknown
I can't use, say, imap from outside the normal way, but is it still a
security liability, or not? (137-139 are filtered from ppp0). If it is,
what should I do -- (this doesn't have to be very anal, because it is a
dynamic ip dialup, but still -- I noticed someone trying my imap
connection from outside ...)
Also, how can I have ssh (or telnet) only let certain users login from
ppp0? Some users have wussy passwords which is fine within the network,
but I'd like to disable access to these accounts from the outside (i.e.
ppp0).
Thanks,
Ben
Ben Luey
lueyb@carleton.edu
ICQ: 19144397
Modern computerized word processing enables us, both as individuals and as a
cohesive societal entity, to exponentially enhance and aggrandize the
parameters, both qualitative and quantitative, not to mention paradigmatic, of
our communicative conceptualizations because now we can spell great big words
correctly without having a clue what they mean. -- Dave Barry