Portsentry Question

From: QSergio_Cu=E9llar=22?= (herrsergio_at_gmail.com)
Date: 12/30/04

  • Next message: Paul Johnson: "Re: Mysterious use of bandwidth? Any tools to nail it?"
    Date: Thu, 30 Dec 2004 15:00:15 -0600
    To: debian-user@lists.debian.org
    
    

    Hi,

    I really not sure whats happening with portsentry, before I start the
    daemon I use nmap to see the open ports:
    And I get only:

    22/tcp open ssh
    25/tcp open smtp
    80/tcp open http
    111/tcp open rpcbind

    Then i use nestat too, and I get something like this:

    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
    tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
    tcp6 0 0 :::22 :::* LISTEN
    udp 0 0 0.0.0.0:111 0.0.0.0:*

    Which I considered normal, but then I start portsentry, and I use
    again nmap the result is that the machine has a lot of open ports.
    And then I use netstat and I get the same ports reported by nmap in
    State:LISTEN.

    Is it normal that portsentry opens a lot of ports ? The version of
    portsentry that I am using is
    1.2-5, with sarge. I have used portsentry with another distro and
    this doesnt happen.

    Thanks,
    Sergio Cuéllar

    -- 
    "Meine Hoffnung soll mich leiten
    Durch die Tage ohne Dich
    Und die Liebe soll mich tragen
    Wenn der Schmerz die Hoffnung bricht"
    

  • Next message: Paul Johnson: "Re: Mysterious use of bandwidth? Any tools to nail it?"

    Relevant Pages

    • Portsentry Question
      ... I really not sure whats happening with portsentry, ... again nmap the result is that the machine has a lot of open ports. ... Is it normal that portsentry opens a lot of ports? ...
      (Debian-User)
    • Re: Starting an application as root
      ... root pasword to continue, others such as the gui interface for nmap ... but they aren't included in Fedora as running gui apps as root opens ...
      (Fedora)
    • Re: Starting an application as root
      ... root pasword to continue, others such as the gui interface for nmap ... but they aren't included in Fedora as running gui apps as root opens ...
      (Fedora)
    • Re: BackOrifice?
      ... >> that gets routed through a cisco firewall to a linux machine, ... I thought BackOrifice was a windows backdoor. ... > It's probably just some "IDS" like portsentry, which opens known ... > Search Google.com for portsentry (don't know the URL, ...
      (comp.os.linux.security)