Saturday 28 January 2012

Security Scan

This is just a quick list of things I'm going to do periodically to test the security of the systems I'm running:

  1. GRC's Shields Up utility on all external network interfaces for machines that I can run Chrome on
  2. On the server I have no GUI and Shields Up doesn't run in Lynx. Instead I used nmap.

First time through with Shields Up I found that my home router had the SNMP port 161 open. This is a BT Home Hub version 3.0. It would appear that it is not possible to turn this off. I'll have to raise a help request with BT to turn it off.

On the server I had a surprise that ports 554 and 7070 were open. Looking in /etc/services it said that 554 was Real Time Streaming Protocol, and 7070 wasn't listed. To find out what was listening on the ports I ran:

sudo lsof -i :554
sudo lsof -i :7070

Both of those returned nothing. Next I tried:

sudo netstat -a |grep LISTEN |grep -v unix

That didn't find anything bound to those ports at all. I asked the helpful people at Rimu Hosting if they knew what was going on.

Update 29 Jan 2012: The Rimu Hosting people came back and said that when they ran nmap against the IP address they didn't see anything on ports 554 or 7070. Strange. I need to get someone else to run the nmap scan from a different location to see what they see.

1 comment:

JosephRedfern said...

You may well have discovered this after 3 years - but it appears the HomeHub intercepts all outbound requests to 554/7070. If you nmap ANY box from a machine behind a homehub, those ports will show as being open.
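
The check the post works through by hand (nmap reports a port as open, but lsof and netstat show nothing bound to it) can be scripted. This is an added example, not code from the original post or the comment; the two samples are constructed, the function names are hypothetical, and `netstat -tln` is assumed in place of the post's `netstat -a`.

```shell
#!/bin/sh
# Constructed sample: nmap port table as seen from the scanning machine.
NMAP_SAMPLE='PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
554/tcp  open   rtsp
7070/tcp open   realserver'

# Constructed sample: `netstat -tln` output captured on the server itself.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# TCP ports the scan reported as open, one per line, sorted numerically.
scan_open_ports() {
    printf '%s\n' "$1" |
        awk '$2 == "open" && $1 ~ /^[0-9]+\/tcp$/ { split($1, a, "/"); print a[1] }' |
        sort -un
}

# TCP ports with a local listener; the port is the last ":" field of the
# local address, which also handles IPv6 forms such as ":::22".
local_listen_ports() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# Ports the scan calls open although nothing on the server is bound to them.
phantom_ports() {
    scan=$(scan_open_ports "$1")
    listen=$(local_listen_ports "$2")
    for p in $scan; do
        printf '%s\n' "$listen" | grep -qxF "$p" || printf '%s\n' "$p"
    done
}

phantom_ports "$NMAP_SAMPLE" "$NETSTAT_SAMPLE"
```

A port listed by `phantom_ports` is being answered by something other than the server, so the scan should be repeated from a different network before the server is changed.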