Network Security With nmap By *** *****

Installing nmap netlab-2# cd /usr/ports/security/nmap netlab-2# make install all

Ethernet interface netlab-2# nmap Starting nmap V ( ) Interesting ports on netlab-2.labnet.cse.ucsc.edu ( ): (The 1588 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open sunrpc 587/tcp open submission 1020/tcp open unknown 1021/tcp open unknown 1022/tcp open unknown 1023/tcp open unknown 2049/tcp open nfs 8080/tcp open http-proxy Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds

Wireless Interface netlab-2# nmap Starting nmap V ( ) Interesting ports on netlab-2.net2.labnet.cse.ucsc.edu ( ): (The 1588 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open sunrpc 587/tcp open submission 1020/tcp open unknown 1021/tcp open unknown 1022/tcp open unknown 1023/tcp open unknown 2049/tcp open nfs 8080/tcp open http-proxy Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds

Netlab server ethernet interface netlab-2# nmap Starting nmap V ( ) Interesting ports on netlab.labnet.cse.ucsc.edu ( ): (The 1593 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 515/tcp open printer 587/tcp open submission 5999/tcp open ncd-conf Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds

A possible problem Port 1020 is open A known trojan called VAMPIRE attacks at this port

The solution Close port 1020! In /etc/rc.firewall: ${fwcmd} add reject from any to port 1020 via ${oif}

The security job is never done No matter how secure your firewall is, there are always going to be ways to exploit your computer, server, or LAN Take precautions, but also keep monitoring