cable modem activity

Mel Seder melseder-/E1597aS9LQAvxtiuMwx3w at public.gmane.org
Wed Apr 28 01:01:52 UTC 2004


--- Kevin Cozens <kcozens-qazKcTl6WRFWk0Htik3J/w at public.gmane.org> wrote:
> Greetings, Mel.
> 
> For some reason, parts of the message got a bit garbled.
> 
> At 03:44 PM 04/23/2004, Mel Seder wrote:
> > > could have temporarily shutdown the network support (ie. /sbin/service
> > > network stop).
> >
> >Right you are I take it the syntax would be #/sbin/service network stop.  Is
> >that correct?
> 
> /sbin/service network stop
> 
> > > indicated that you have open ports for LDAP, some unspecified service on
> > > port 1002, and a SQL database on port 1720. Unless you need to make these
> > > ports accessible to people outside your local network, you should do
> > > something to limit access to these ports.
> >
> >Uh Oh!  My router only has the ssh port forwarded.  Come to think of it I
> >don't know how ftp, http and possibly others are able to communicate as
> >they have not been forwarded by my router.  Is there a place to look to see
> >if LDAP and SQL can be disabled?  I assume that they are not needed unless
> >I am running LDAP and SQL which I don't think I am running?
> 
> If you don't need LDAP services or a SQL database on your machine, you 
> should modify your startup scripts so these services won't start 
> automatically when you boot the machine. If you have it on your machine, 
> chkconfig is one way to alter which startup scripts are run at boot time. 

I ran chkconfig and got the following

[mel-lwfWIikfpTg at public.gmane.org mel]$ /sbin/chkconfig --list ldap
ldap            0:off   1:off   2:off   3:off   4:off   5:off   6:off
[mel-lwfWIikfpTg at public.gmane.org mel]$ /sbin/chkconfig --list mysqld
mysqld          0:off   1:off   2:off   3:off   4:off   5:off   6:off
[mel-lwfWIikfpTg at public.gmane.org mel]$

It looks like they are off so I don't know why they appeared on a port scan??


ps didn't show very much.  Do I need parameters? If so what are they?

[mel-lwfWIikfpTg at public.gmane.org mel]$ ps
  PID TTY          TIME CMD
10642 pts/2    00:00:00 bash
10780 pts/2    00:00:00 ps
[mel-lwfWIikfpTg at public.gmane.org mel]$



> You should also use ps and lsof to see what programs are running after your 
> machine starts and to which ports your machine is listening. 

I ran lsof and got hundreds of lines of output.  I don't know what to look for
and how to filter the output.



> And don't forget to review the configuration of inetd. Just a heads up in
> case you haven't already done all of this.
> 
> >However I'm scared to death of IPtables and firewalls.  If you
> >know of a site about monmotha for dummies/(network impaired) newbies let me
> >know and although I can't promise I'll try it I do promise I will read it or
> >at least read it until I get too scared :-)
> 
> The MonMotha script isn't that difficult to set up. You edit a few 
> variables near the top of the script and the rest of the script builds all 
> the rules you need. The script will typically deny any inbound connections 
> except for the ports you specify.
> 
> The main site for MonMotha is:
> http://monmotha.mplug.org/firewall/
> 
> Some useful documentation about the script can be found here:
> http://www.mplug.org/phpwiki/index.php?MonMothaReferenceGuide
> 
> 
> 
> Cheers!
> 
> Kevin.  (http://www.interlog.com/~kcozens/)
> 
> Owner of Elecraft K2 #2172        |"What are we going to do today, Borg?"
> E-mail:kcozens at interlog dot com|"Same thing we always do, Pinkutus:
> Packet:ve3syb-XXPEJ3/fxIc at public.gmane.org#con.on.ca.na|  Try to assimilate the world!"
> #include <disclaimer/favourite>   |              -Pinkutus & the Borg
> 
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml


=====
The true measure of a man is how he treats someone who can do him 
absolutely no good. -Samuel Johnson, lexicographer (1709-1784)
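
Added example, not part of the original message: a shell filter that cuts
`lsof -i -n -P` output down to the sockets that are actually listening and
shows which process owns a given port, which `chkconfig --list` (boot-time
settings only) cannot tell you. The function names and the sample lsof lines
are constructed for illustration.

```shell
#!/bin/sh
# Reduce `lsof -i -n -P` output to one line per listening socket:
#   PROTO PORT COMMAND PID USER SCOPE
listeners() {
    awk '
    $1 == "COMMAND" { next }                 # skip the header line
    {
        # The TCP/UDP column shifts when the SIZE column is empty, so
        # search for it instead of assuming a fixed field number.
        for (i = 5; i <= NF; i++) if ($i == "TCP" || $i == "UDP") break
        if (i > NF) next
        proto = $i; name = $(i + 1); state = $(i + 2)
        if (proto == "TCP" && state != "(LISTEN)") next  # live connection
        if (name ~ /->/) next                            # connected UDP socket
        n = split(name, part, ":"); port = part[n]
        addr = substr(name, 1, length(name) - length(port) - 1)
        scope = (addr == "127.0.0.1" || addr == "[::1]") ? "local-only" : "network"
        print proto, port, $1, $2, $3, scope
    }' | LC_ALL=C sort -u
}

# Print the listener line(s) for one port, such as a port a scan reported
# open. Exit status 1 means nothing on this machine listens on it.
port_owner() {
    listeners | awk -v p="$1" '$2 == p { print; found = 1 } END { exit !found }'
}

# Constructed sample of `lsof -i -n -P` output (not taken from the thread).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
sshd      812 root    3u  IPv4   1541       TCP *:22 (LISTEN)
sshd    10640 root    4u  IPv4  48213       TCP 192.168.1.20:22->192.168.1.5:51022 (ESTABLISHED)
cupsd     901 root    0u  IPv4   1702       TCP 127.0.0.1:631 (LISTEN)
xinetd    877 root    5u  IPv4   1650       TCP *:21 (LISTEN)
dhclient  640 root    4u  IPv4   1203       UDP *:68
EOF
}

# Live use (as root, so every process is visible):  lsof -i -n -P | listeners
sample_lsof | listeners
for port in 1002 1720; do                    # ports named in the scan report
    sample_lsof | port_owner "$port" || echo "port $port: no local listener"
done
```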