Listening ports on the external interface

[archived]

Does anyone have a list of ports that pluto is listening for on the external interface.

Both interfaces would be preferable but at the very least what is pluto listening for if anything on the external interface.

Thanks

[archived]

Ran a test and it shows the following ports open on the external interface by default:
22
53
80
111
123
137
139
445
2049
3306
8080

On the internal interface by default:
22
53
80
111
123
137
139
445
2049
3306
5060
8080

Hope this helps.

Kindest regards,
Sevak

[archived]

Does anyone know why it is listening to so many external ports? If this is supposed to be my gateway between my network and the outside world I would prefer that it be locked down. I am not hosting a webiste of the Pluto system or serving up e-mail.

(Hint Hint to pluto developers. I would love to have a mail server on here. Postfix is a great choice. here is a great how to on how to do it ---- http://postfixwiki.org/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL )

I am all for the Pluto box being able to host a small family website. So at that point it would need to be listening on 80, and 53 for HTTP and DNS traffic but why the long list of other ports.

[archived]

Port info can be found here:
http://www.iana.org/assignments/port-numbers

From what I see, the following ports are used in this way:

22 - SSH server (need it)
53 - DNS
80 - web server for the pluto-admin page.  Probably want to lock it from outside by using the "Outside Access" page in the Wizard menu.
111 - sunrpc SUN Remote Procedure Call - no idea why open
123 - ntp Network Time Protocol
137 - NETBIOS Name Service  - Probably should lock from outside.  Not needed facing external.
139 - NETBIOS Session Service - Probably should lock from outside.  Not needed facing external.
445 - Microsoft-DS - Probably should lock from outside.  Not needed facing external.
2049 - Network File System - Sun Microsystems - Probably should lock from outside.  Not needed facing external.
3306 - MySQL - Probably should lock from outside.  Not needed facing external.
8080 - HTTP Alternate usually used for proxy servers.  Probably not needed facing external unless you want to put a web page on this port.

You should be able to lock down all of it from the Advanced->Network->Firewall Rules section.

Sevak

[archived]

Hi all

just giving a very short answer .... and consider also that I'm not a network guru ...

To my knowledge NETBIOS ports are normally closed on external interface of Pluto core/hybrid.

I can tell you because by default Pluto takes IP address like 192.168.80.x, while in my home network all devices are on 192.168.1.x
So when I happen to access a shared directory on my Pluto hybrid from my laptop normally I cannot get in, unless I issue a:

iptables -P INPUT ACCEPT

on a ssh console on my Pluto hybrid.

So firewall rules should already be set to do it.

I also remember some posts on this forum regarding this topic (accessing shared dirs from a home pc on a different subnet)

Please correct me if I'm wrong.

Regards
Marco

[archived]

i don't know if that is possible, i've scanned 2 Pluto systems and the result was the same:

Code: [Select]


root@plutohome:~$ nmap pluto1 pluto2 pluto3 pluto4

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-06-07 10:39 EEST
Interesting ports on pluto1 (192.168.80.1):
(The 1669 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
2000/tcp closed callbook
3306/tcp open   mysql
8080/tcp open   http-proxy

Interesting ports on pluto2 (192.168.80.2):
(The 1669 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
2000/tcp closed callbook
3306/tcp open   mysql
8080/tcp open   http-proxy

Interesting ports on pluto3 (192.168.80.3):
(The 1669 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
2000/tcp closed callbook
3306/tcp open   mysql
8080/tcp open   http-proxy

All 1674 scanned ports on pluto4 (192.168.80.4) are: closed

Nmap finished: 4 IP addresses (4 hosts up) scanned in 30.989 seconds
root@plutohome:~$



Try to see what other services you've started, it makes no sense to have that bunch of ports opened.

[archived]

Hi,

maybe I'm wrong, but as I can see you scanned Media Directors and Thread is talking about opened ports on Core...

Regards,

Rob.

[archived]

3 of them are Hybrid and one is Core
that's not the ip they have, i've changed it when i dumped the output of nmap here.

[archived]

ovidiu,

Using nmap as you ran it without other parameters will only ping a machine.  This isn't the best method for checking open ports, since, among other factors, most pings are dropped or not replied to when used in this way.  Also, nmap will not show any vulnerabilities.  A better tool would be nessus.

The results I've posted previously are run using nessus with aggressive parameters.  This is a better indication of what ports are open and vulnerabilities exist on the box.

Kindest regards,
Sevak

[archived]

can you tell me what "aggressive parameters" did you use to get those results ?
i'm interesed to scan our systems with nessus and the same parameters you used.

[archived]

Answer my alarm panel question first and I'll answer your question.
 :wink: