Archive for the tag 'ports'

SBDavid

Verifying Which Ports Are Listening

After configuring network services, it is important to pay attention to which ports are actually listening on the system’s network interfaces. Any open ports can be evidence of an intrusion.

There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack by typing commands such as netstat -an or lsof -i.

# netstat -an

Or

# lsof -i

This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system.
For this reason, these applications are frequent targets for replacement by attackers. In this way, crackers attempt to cover their tracks if they open unauthorized network ports.

A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.

root@:~# nmap -sT -O localhost

Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-08 11:31 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 997 closed ports

PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3128/tcp open squid-http
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.22
Network Distance: 0 hops
OS detection performed.
Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 3.15 seconds
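
The cross-check described above, scripted as an added example (not from the original article): it takes captured nmap -sT and netstat -an output as text and reports ports the scan sees open that netstat does not list, plus ports outside an approved baseline. The sample data, the 6200/tcp entry and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare what a scan sees with what netstat admits to.
# Inputs are captured command output passed as text; nothing here touches the network.

# Constructed sample data (the nmap table layout matches the output shown above).
NMAP_SAMPLE='PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
3128/tcp open  squid-http
6200/tcp open  unknown'

NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:53     0.0.0.0:*        LISTEN
tcp6       0      0 :::3128          :::*             LISTEN
tcp        0      0 10.0.0.5:22      10.0.0.9:51514   ESTABLISHED
udp        0      0 0.0.0.0:53       0.0.0.0:*'

# Open TCP ports from the nmap "PORT STATE SERVICE" table, one per line.
nmap_open_tcp() {
    printf '%s\n' "$1" | awk 'split($1, f, "/") == 2 && f[2] == "tcp" && $2 == "open" { print f[1] }' | sort -n -u
}

# TCP ports in LISTEN state from netstat -an (port = text after the last colon).
netstat_listen_tcp() {
    printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -n -u
}

# Read ports on stdin; print those absent from the whitespace-separated list in $1.
not_in() {
    awk -v list="$1" 'BEGIN { n = split(list, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
                      !($1 in ok)'
}

# Open according to the scan but missing from netstat: a sign netstat may be tampered with.
hidden_ports() {
    nmap_open_tcp "$1" | not_in "$(netstat_listen_tcp "$2" | tr '\n' ' ')"
}

# Open according to the scan but not in the approved baseline.
unexpected_ports() {
    nmap_open_tcp "$1" | not_in "$2"
}

echo "hidden from netstat: $(hidden_ports "$NMAP_SAMPLE" "$NETSTAT_SAMPLE")"
echo "outside baseline:    $(unexpected_ports "$NMAP_SAMPLE" "22 53 3128" | tr '\n' ' ')"
```

On a live host, pass "$(nmap -sT localhost)" and "$(netstat -an)" as the two arguments. A default nmap scan covers only the 1000 most common ports (hence "997 closed ports" above), so add -p- to cover the full range.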

Changing the proxy ports and addresses in Webmin

By default, Squid listens for proxy requests on TCP port 3128 on all of your system’s IP addresses. Because this is not the usual port that proxies are run on (8000 and 8080 seem to be the most common), you may want to change it. You might also want to edit the listening address so that only clients on your internal network can connect, if your system has more than one network interface.

To specify the ports that Squid uses, follow these steps:

1. On the module’s main page, click on the Ports and Networking icon.

2. In the Proxy addresses and ports table, select the Listed below option. In the table below, each row defines a listening port and optionally an address to bind to. Any existing ports and addresses will be listed, followed by a single blank row for adding a new one. In the first empty field in the Port column, enter a port number like 8000 or 8080. In the Hostname/IP address column, either select All to accept connections on any of your system’s interfaces, or the second option to enter an IP address in the adjacent text box. Using this table, Squid can be configured to listen on as many ports as you like. However, because only one blank row appears at a time, you will need to save and re-open the form to add more than one new port.

3. ICP is a protocol used by Squid to communicate with other proxies in a cluster. To listen on a port other than the default of 3130 for ICP, fill in the ICP port field. This is not generally necessary though, as only other proxies ever use this protocol.

4. Squid will normally accept ICP connections on any IP address. To change this, select the second radio button in the Incoming UDP address field and enter one of your system’s interface IPs into its text field. This can be useful if all of the other proxies that your server might want to communicate with are on a single internal LAN.

5. Click the Save button at the bottom of the page to update the configuration file with your new settings, then click the Apply Changes link back on the main page to activate them.

Article taken from http://doxfer.com/

SBDavid

Search and install ports in FreeBSD

Ports are the collection of system tools used in FreeBSD.

How to search a port?

For example, suppose we need to find the port for ‘wget’ in order to install it. Use the following commands to search.

# cd /usr/ports
# make search name=wget | grep Path

How to install a port?

Installing a port is easy: just run the commands given below. Suppose the path is /usr/ports/www/wget.

# cd /usr/ports/www/wget
# make install clean
Or
# make; make install; make clean

Configure Apache to listen on multiple ports

The Listen directive in the Apache configuration file makes Apache listen on a particular port, or on a particular IP address and port combination.

Listen 80
Listen 8000

In this format, the Apache server listens on the given ports on all interfaces (IP addresses) that are up on the server. With the two directives above in the Apache configuration file, the server listens on both ports 80 and 8000. Multiple Listen directives may be used to specify a number of addresses and ports to listen on.

Listen IP:80

Replace IP in this example with the IP address you want the Apache service to listen on. In this format, an IP address is given as well as a port, so the server listens on the given port and interface (IP address). If you want the Apache service to listen on two IP addresses on the server, use multiple Listen directives in the configuration file.

Listen IP1:80
Listen IP2:80

Please remember to restart the Apache service on the server once the changes are made to the configuration file.
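
Both the Squid steps and the Listen formats above turn on whether a listener is bound to one address or to every interface. The following added example (not part of the original articles) reads Apache Listen lines and, as an assumption about what the Webmin form writes, the squid.conf directives http_port, icp_port and udp_incoming_address, and reports the listeners still reachable on all interfaces; the sample configurations and function names are constructed.

```sh
#!/bin/sh
# Added example: report which listeners a config exposes on every interface.
# Takes Apache (Listen) or Squid (http_port, icp_port) configuration text as $1.

# Constructed samples; 192.0.2.10 and 2001:db8::10 are documentation addresses.
APACHE_SAMPLE='Listen 80
Listen 192.0.2.10:8000
Listen [2001:db8::10]:8080
Listen 0.0.0.0:8443'

SQUID_SAMPLE='# proxy listeners
http_port 3128
http_port 192.0.2.10:8080
icp_port 3130'

# Print "<scope> <directive> <address>" per listener; scope is ALL or BOUND.
listener_scope() {
    printf '%s\n' "$1" | awk '
        { sub(/#.*/, "") }                          # ignore comments
        tolower($1) == "listen" || $1 == "http_port" {
            host = $2
            if (host ~ /^[0-9]+$/) host = ""        # bare port: every interface
            else sub(/:[0-9]+$/, "", host)          # strip ":port", keep host or [v6]
            wild = (host == "" || host == "0.0.0.0" || host == "[::]" || host == "*")
            scope = wild ? "ALL" : "BOUND"
            print scope, $1, $2
        }
        $1 == "icp_port"             { icp = $2 }
        $1 == "udp_incoming_address" { udp = $2 }
        END {   # ICP listens on any address unless udp_incoming_address narrows it
            if (icp + 0 > 0) {
                scope = (udp == "" || udp == "0.0.0.0") ? "ALL" : "BOUND"
                addr = (udp == "") ? icp : udp ":" icp
                print scope, "icp_port", addr
            }
        }'
}

# Addresses of the listeners reachable on every interface, one per line.
wildcard_listeners() {
    listener_scope "$1" | awk '$1 == "ALL" { print $3 }'
}

wildcard_listeners "$APACHE_SAMPLE"
wildcard_listeners "$SQUID_SAMPLE"
```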

DirectAdmin Access: Ports that need to be opened in the firewall.

20,21: FTP.

Note that FTP will use a “random high port number” if the client is in PORT mode, so you may need to add a port range to your /etc/proftpd.conf file to allow FTP connections, e.g.:

PassivePorts 35000 35999

22: ssh access

25, 587: smtp for exim to receive email

53: dns (named), so your sites resolve. TCP/IP and UDP here.

80, 443: apache traffic, http and https

110, 993: client pop email access
143, 995: clients imap email access

2222: DirectAdmin Access

3306: MySQL access. For remote MySQL access.
