PDA

View Full Version : newbie dhcp stealth problems



/Knoppix/Knewbie/
09-06-2003, 03:25 PM
i tried nmap rooted and got

Starting nmap 3.27 ( www.insecure.org/nmap/ ) at 2003-09-06 15:06 CEST
Interesting ports on rooted (127.0.0.1):
(The 1621 ports scanned but not shown below are in state: closed)
Port State Service
68/tcp open dhcpclient
111/tcp open sunrpc

Nmap run completed -- 1 IP address (1 host up) scanned in 1.694 seconds

now this is what i found out at gibson research - shields up

Port 68

Name: bootpc
Purpose: Bootstrap Protocol Client
Description:
Related Ports:
Background and Additional Information:
Trojan Sightings: Subseven


Name: sunrpc
Purpose: SUN Remote Procedure Call
Description: This port is used as a well-defined means for determining the
ports upon which other services in the system are running. It is referred to
as a "portmapper" because it provides a directory, or "mapping" between
available services and their ports. This is similar to Microsoft's infamous
DCOM DCE port 135.
Related Ports:
135

Background and Additional Information:
Port 111 is a security vulnerability for UNIX systems due to the number of
vulnerabilities discovered for the portmapper and related RPC services.

--
i also have firestarter running as a service and wont to stop it..

i tried
# /etc/init.d/<$firestarter> stop
# /etc/init.d/ $firestarter stop
/etc/init.d/<$firestarter> stop
/etc/init.d/ $firestarter stop

and none of these seemed to stop firestarter
i would like to stop firestarter so i can use this line for stealth.

/sbin/iptables -A INPUT -p tcp --syn -j DROP

cheers

/K/K/