Security Basics mailing list archives
Re: locking down my solaris box
From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Fri, 14 May 2004 10:01:42 +1000
Hi Juan, You can comfortable turn of echo, discard, daytime, chargen. Some Solaris hardening links: http://www.softpanorama.org/Solaris/hardening.shtml http://www.sun.com/bigadmin/content/submitted/Solaris_build_document.pdf http://www.securityfocus.com/infocus/1365 Port descriptions http://www.iana.org/assignments/port-numbers cheers Ivan Ivan Coric, CISSP IT Technical Security Officer Information Technology WorkCover Queensland Ph: (07) 30066414 Fax: (07) 30066424 Email: ivan.coric () workcoverqld com au
Juan Declet <Juan.Declet () asu edu> 05/13/04 02:27am >>>
The following services are running in my Solaris machine, according to nmap: Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-05-11 19:07 US Mount ain Standard Time Interesting ports on myhost.com (The 1631 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 7/tcp open echo 9/tcp open discard 13/tcp open daytime 19/tcp open chargen 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 512/tcp open exec 513/tcp open login 514/tcp open shell 515/tcp open printer 540/tcp open uucp 587/tcp open submission 898/tcp open sun-manageconsole 901/tcp open samba-swat 5901/tcp open vnc-1 6000/tcp open X11 6001/tcp open X11:1 6112/tcp open dtspc 7100/tcp open font-service 9999/tcp open abyss 32772/tcp open sometimes-rpc7 32775/tcp open sometimes-rpc13 32776/tcp open sometimes-rpc15 32777/tcp open sometimes-rpc17 32778/tcp open sometimes-rpc19 Nmap run completed -- 1 IP address (1 host up) scanned in 44.844 seconds There are services that I know I need, such as samba-swat, sun-manageconsole, abyss, vnc, etc. This server offers http and samba services, but not much else. Can someone shed some light on what the echo, discard, daytime, chargen services are for, and if there is any potential of hosing the machine if these are disabled? I am trying to lockdown this machine against intrusions. Also, I would like to know what file(s) hold info on which services use which ports. Regards, Juan Declet --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- *************************************************************************** Messages included in this e-mail and any of its attachments are those of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times. This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified. This e-mail has been scanned by Sophos for known viruses. However, no warranty nor liability is implied in this respect. ********************************************************************** --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- locking down my solaris box Juan Declet (May 13)
- RE: locking down my solaris box Robert Escue (May 14)
- Re: locking down my solaris box John Jasen (May 14)
- Re: locking down my solaris box Ivan Angelov (May 14)
- Re: locking down my solaris box Jay D. Dyson (May 14)
- <Possible follow-ups>
- RE: locking down my solaris box Amin Tora (May 14)
- Re: locking down my solaris box Ivan Coric (May 17)