This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

open ports

Hi

A friend of mine portscanned my system a few moments ago. He discovered some open ports from which I think that these should be closed:

389 - LDAP
1002 - NetMeeting
1720 - H323

I'm using all the Proxies. My Packetfilter rules do not allow any of these ports. Any LDAP Auth methods are disabled..

(Also the Portscan wasn't reported by the IDS...)

This thread was automatically locked due to age.

Parents

0 bce over 21 years ago

are you using neetmeeting and forward the ports to an internal machine?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 bce over 21 years ago

are you using neetmeeting and forward the ports to an internal machine?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 dt_ over 21 years ago in reply to bce

no, no netmeeting and no forwarding of any of these ports. In fact, these ports should be covered by my Any Any Any DROP rule...

ports 1002 and 1720 don't even show up in my service definitions.
Cancel
Vote Up 0 Vote Down

Cancel
0 Moby over 21 years ago in reply to dt_

One of the proxies must be listening on these ports. When a proxy is enabled, it opens the port before any of your packet filter rules are applied. For example, if you are using SMTP proxy, you cannot write any packet filter rules to prevent certain IPs from opening port 25 on your firewall.

I'm not familiar with the proxies other than SMTP, so I unfortunately cannot tell you how you disable those ports (or if you can at all).
Cancel
Vote Up 0 Vote Down

Cancel
0 PenTest over 21 years ago in reply to Moby

do you actually mean open or do you mean filtered or closed.

there are subtle differences
Cancel
Vote Up 0 Vote Down

Cancel