<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Hello Guys,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I’ve just been studying my build here with netstat and
found a few ports which are listening and I’m not convinced that they
should be ;-)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>tcp 0 0 0.0.0.0:68
0.0.0.0:* LISTEN<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 127.0.0.1:3306
0.0.0.0:* LISTEN<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 0.0.0.0:111
0.0.0.0:* LISTEN<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 0.0.0.0:53 0.0.0.0:*
LISTEN<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 0.0.0.0:1723
0.0.0.0:* LISTEN<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 192.168.1.64:35760
192.168.1.66:83 TIME_WAIT<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 192.168.1.64:35762 192.168.1.66:83
TIME_WAIT<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 192.168.1.64:35757
192.168.1.66:83 TIME_WAIT<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 192.168.1.64:35758
192.168.1.66:83 TIME_WAIT<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 192.168.1.64:35759
192.168.1.66:83 TIME_WAIT<o:p></o:p></p>
<p class=MsoNormal>tcp 0 0 192.168.1.64:35761
192.168.1.66:83 TIME_WAIT<o:p></o:p></p>
<p class=MsoNormal>tcp6 0 0 :::53
:::* LISTEN<o:p></o:p></p>
<p class=MsoNormal>tcp6 0 0 :::22
:::* LISTEN<o:p></o:p></p>
<p class=MsoNormal>tcp6 0 1128 ::ffff:192.168.1.64:22
::ffff:192.168.1.:51880 ESTABLISHED<o:p></o:p></p>
<p class=MsoNormal>tcp6 0 0 ::ffff:192.168.1.64:22
::ffff:192.168.1.:51877 ESTABLISHED<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Now, I see the established :22 connections at the bottom,
these are quite expected, also the outbound connections on :63 to my test
server, again I would expect these. However, :68, :111, :53, :1723 are all
unknown to me. Do you recognise what any of these are for?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Generally speaking I only require outside access to port 22,
no other ports should be needed, is that correct? Or are some of these other
ports required for vital services that I’m just not aware of?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Can you guys recommend the best way to get these closed up? Just
helps eliminate the vulnerabilities.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Robert<o:p></o:p></p>
</div>
</body>
</html>