Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

Securing Ports

Discussion in 'General Marketing' started by stealthhosts, Aug 6, 2005.

  1. stealthhosts

    stealthhosts New Member Webmaster

    Why should ports be secured ?

    Open ports are via which a hacker determines what daemons your server is running, and whether or not, your system can be exploited or not. Port scan is the first thing that is done to fingerprint your OS and determine what is running. Open ports behave like open windows in your house. The more closed and armoured windows you have, the less thempting to thieves. Open ports in the server work in the same way, the more they are, the more tempting they become.

    Though closing ports seem a good idea, some exploits, or updates might reset the ports back

    redhat, fedora, debian, freebsd

    The ports of your server is controlled by the file /etc/services.

    Additional ports are controlled by the file /etc/rpc. It is safe to move/rename the /etc/rpc file

    mv /etc/rpc /etc/rpc-moved 
    Then, backup your services file.

     cp /etc/services /etc/services.original 
    Now, from your favourite editor, edit your services file.

    As an example, in all the CPanel and Plesk servers that I monitor, the /etc/services is:

    echo 7/tcp   
    echo 7/udp   
    ftp-data 20/tcp   
    ftp 21/tcp   
    ssh 22/tcp   
    smtp 25/tcp mail  
    domain 53/tcp   
    domain 53/udp   
    http 80/tcp www www-http 
    pop3 110/tcp pop-3  
    imap 143/tcp imap2  
    https 443/tcp   
    smtps 465/tcp   
    syslog 514/udp   
    imaps 993/tcp   
    pop3s 995/tcp   
    rndc 953/tcp   
    rndc 953/udp   
    mysql 3306/tcp   

    When you suspect that your server is compromised, be sure to check /etc/services. Sometimes, you will find a line that will allow the attacker to connect directly to a port in your system and get shell without authentication.

Featured Resources (View All)

Share This Page