RE: [cobalt-users] Port scans on 69
- Subject: RE: [cobalt-users] Port scans on 69
- From: BSmith@xxxxxxxxxxx
- Date: Mon Dec 30 09:34:02 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----Original Message-----
From: cobalt raq4 [mailto:cobalt_list@xxxxxxxxxxx]
Sent: Monday, December 30, 2002 12:16 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Port scans on 69
Hi all,
I have searched the archives and not found anything of any real use, and this
being a potential vulnerability, it needs to be up-to-the-minute info and not
referenced to some old vulnerability.
We have seen a massive upsurge in port scans on port 69; we are getting along
the lines of 200 scans a day.
Correct me if I am wrong in any of the following:
* Port 69 is for tftp - ftp with no authentication that, if configured
incorrectly, can allow for transmission of password files etc. from one box to
another.
This is probably nothing or unrelated, hence I will post this in both the
cobalt users and security lists.
So what are your thoughts, people?
_________________________________________________________________
Install IPChains, and block all non-essential ports coming into your Cobalt :)
Since IPChains works out of the Kernel space, and NOT the user space, it will
protect you before any application has a chance to grab the data coming in
from the port.
Next, turn off any service you know you're NOT using ... like TFTP ...
Look at your /etc/inetd.conf file to see what the super daemon runs ... look
at "netstat -na" to see what ports you have open. Start closing some of those
ports down from the outside world.
You don't need too many ...
DNS, POP3, SMTP, WWW, WWW-SSL, WWW-ADMIN (81), FTP, FTP-DATA, SSH, should be
more than enough to run your RaQ 4 fine.
Happy securing,
Brian
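
The /etc/inetd.conf review suggested in the reply above, as an added example that is not part of the original message: a shell function that lists every enabled inetd entry whose service name is not on an allowlist. The allowlist contents and the sample inetd.conf lines are constructed assumptions, not the RaQ 4 defaults.

```shell
#!/bin/sh
# Added example: flag enabled inetd.conf services that are not on an allowlist.

# Assumption: on this box only FTP and POP3 are meant to start from inetd.
ALLOWED="ftp pop3"

# inetd_unexpected FILE "svc1 svc2 ..."
# Prints "service/proto" for each uncommented entry not in the allowlist.
# inetd.conf fields: service socket-type proto wait-flag user server [args]
inetd_unexpected() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^#/ || NF < 6 { next }    # skip comments, blanks, malformed lines
        !($1 in ok) { print $1 "/" $3 } # enabled but not allowlisted
    ' "$1"
}

# Constructed sample input (server names are illustrative only).
sample_conf() {
cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd  in.qpopper
tftp    dgram   udp  wait    root    /usr/sbin/tcpd  in.tftpd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

# Run against the sample; to audit a real host use:
#   inetd_unexpected /etc/inetd.conf "$ALLOWED"
tmp=$(mktemp)
sample_conf > "$tmp"
inetd_unexpected "$tmp" "$ALLOWED"
rm -f "$tmp"
```

Each service it reports is a candidate for commenting out in inetd.conf; after inetd re-reads its configuration, "netstat -na" should no longer show the corresponding port open.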