AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Thu Jun 02, 2005 8:51 pm Post subject: |
|
|
I did do a stage 3 install,
but I need to run tripwire, tftp etc.,
and those are not on the package CD,
unless I have the WRONG package CD and am not seeing it....
Just to verify... I have the package-x86-2005.iso.
Can you send me the link for the CD that has the packages for tripwire, net-snmp, tftp please?
On another note... my boss does not want any mail services or telnet running...
so if I did do an emerge -O and not install the dependencies such as the mail services, is that going to be a problem?
Will the programs still function? |
|
limn l33t
Joined: 13 May 2005 Posts: 997
|
Posted: Thu Jun 02, 2005 8:58 pm Post subject: |
|
|
Quote: | Packages such as vixie-cron and tripwire automatically install the mail services as their dependencies.
Hence the reason the ports were open.
|
So anytime someone wants cron services or file integrity checking they get a POP3 mail server automatically? |
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
|
Posted: Thu Jun 02, 2005 9:07 pm Post subject: |
|
|
Quote: | but I need to run tripwire, tftp etc.,
and those are not on the package CD |
Sorry about that! You are correct. |
|
christsong84 Veteran
Joined: 06 Apr 2003 Posts: 1003 Location: GMT-8 (Spokane)
|
Posted: Thu Jun 02, 2005 9:10 pm Post subject: |
|
|
Download from one of the Gentoo mirrors... they should have the package file.
_________________
while(true) {self.input(sugar);} |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Thu Jun 02, 2005 9:42 pm Post subject: |
|
|
Frankly this is what I am doing...
I am downloading the whole distfiles from a gentoo mirror
Copying it to a CD and installing the necessary packages from there using
Code: |
export PKGDIR="/mnt/cdrom"
emerge --usepkg <package name>
|
I have not exactly tested this theory yet since it is still downloading.
Taking me 6 hrs....
Hence, imagine if I had to do a network install... I will be sitting here for DAYSSS.
I installed a base Gentoo server NETWORKLESS in 1 and a half hrs MAX.
Quote: | Quote:
Packages such as vixie-cron and tripwire automatically install the mail services as their dependencies.
Hence the reason the ports were open.
So anytime someone wants cron services or file integrity checking they get a POP3 mail server automatically? |
Yes, for me I did a Code: | emerge -p <package name> |
and it showed that it needs the dependencies of the mail service and smtp, hence my pop3 and smtp ports were open.
When I emerged it, it automatically installed the services for me... which I DID NOT want...
So I am going to try doing Code: |
emerge -O <package name> |
and see if it works... as in, if the service works properly...
I have yet to find out if these programs work without the mail service....
So for all those out there who do have the smail service installed (practically EVERYONE I BET),
how do you TURN it OFF??
Like close ports 25 and 110 and 21??
What are the steps? |
|
limn l33t
Joined: 13 May 2005 Posts: 997
|
Posted: Thu Jun 02, 2005 9:56 pm Post subject: |
|
|
Quote: | when i emerged it it automatically installed the services for me..which i DID NOT want... |
No, that does not just happen. As you note, that would mean almost everyone using Gentoo as a desktop would be running mail services they don't want or need, and that is not the case. |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Thu Jun 02, 2005 10:06 pm Post subject: |
|
|
Quote: | Quote:
when i emerged it it automatically installed the services for me..which i DID NOT want...
No, that does not just happen. As you note, that would mean almost everyone using Gentoo as a desktop would be running mail services they don't want or need, and that is not the case. |
So then WHAT is THE case???
First off, I am using Gentoo as a server.
I did a VERYYY MINIMAL install with absolutely nothinggggggg.
Ran an nmap... the only port that was open was port 22 for ssh... cuz I had to transfer some files in.
Then when I did an emerge -p vixie-cron
the dependencies were the mail services and smtp...
When I did an emerge vixie-cron
YOU CAN see the smtp and mail-base services being installed...
So what are you trying to tell me?
That they can be installed but not "Activated"???
If so then why are the ports "open" when I run an nmap??
And HOW do I close them? |
|
limn l33t
Joined: 13 May 2005 Posts: 997
|
Posted: Thu Jun 02, 2005 11:21 pm Post subject: |
|
|
The footprints of nmap and netstat above do not match. They should, vixie-cron and the rest set aside. The first thing we need to do is figure out why they don't. The simplest answer is that the nmap output is for a different box than the netstat output. That's why I asked for the ifconfig output. |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 12:05 am Post subject: |
|
|
Oh
I know why it doesn't match...... I had to change the IP address so that I could get out on the net.
It is for the same box.
Don't worry about that,
that's NOT the problem!! |
|
christsong84 Veteran
Joined: 06 Apr 2003 Posts: 1003 Location: GMT-8 (Spokane)
|
Posted: Fri Jun 03, 2005 12:15 am Post subject: |
|
|
I still maintain that it's the firewall that closes ports... just needs proper configuration and having it applied.
_________________
while(true) {self.input(sugar);} |
|
limn l33t
Joined: 13 May 2005 Posts: 997
|
Posted: Fri Jun 03, 2005 12:50 am Post subject: |
|
|
Humor me. Run an ifconfig on your box and compare the HWaddr address in the output to the MAC address listed in the output of nmap. If they are for the same box these should be the same, no matter what IP you assigned. If they are different, it supports the theory that we are talking about two different boxes. And if the MAC addresses are the same, you have a more serious problem than figuring out how to close the ports. |
|
mcspiff Tux's lil' helper
Joined: 24 Oct 2004 Posts: 109
|
Posted: Fri Jun 03, 2005 12:56 am Post subject: |
|
|
AsianSpices wrote: | Okie
thanks for the reply, but that's not possible.
We are on our own little network, a 192.168.0.x,
and the only time I put it in the company network was to do the nmap to show you guys.
And I am the only one doing any ssh into the mechine.
Even if the "attacker" opened it..... how are they going to do that and HOW can I close it? |
You...work...for a company?
That's scary. machine. m-a-c-h-i-n-e
That was only my favourite spelling error for the thread. I'd reinstall personally. Obviously something is gimped or you've been hacked. Accept it, move on. If you can't or won't get network access for Gentoo, I'd suggest building the packages on a network facing serving, and then move them to the server and install that way. With a little NFS magic shouldn't be too much of a problem, given same arch's. |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 3:55 pm Post subject: |
|
|
Quote: | Humor me. Run an ifconfig on your box and compare the HWaddr address in the output to the MAC address listed in the output of nmap. If they are for the same box these should be the same, no matter what IP you assigned. If they are different, it supports the theory that we are talking about two different boxes. And if the MAC addresses are the same, you have a more serious problem than figuring out how to close the ports. |
Well my dear, I would humor you but I took that mechine down for a while
and I re-installed on a next mechine.
Just in case you wanted to know, I am not mad, and I KNOW what PC I am doing my tests on, no mistake about that.
Here is the new one I am working on:
Code: |
eth0 Link encap:Ethernet HWaddr 00:0D:60:0F:96:1C
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20d:60ff:fe0f:961c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9325 errors:0 dropped:0 overruns:0 frame:0
TX packets:1705 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1109490 (1.0 Mb) TX bytes:109198 (106.6 Kb)
Interrupt:22
|
Code: |
D:\nmap-3.81>nmap -sS -v 192.168.0.2
Starting nmap 3.81 ( http://www.insecure.org/nmap ) at 2005-06-03 09:43 Mountain
Daylight Time
Initiating SYN Stealth Scan against 192.168.0.2 [1663 ports] at 09:43
Discovered open port 22/tcp on 192.168.0.2
Discovered open port 199/tcp on 192.168.0.2
The SYN Stealth Scan took 0.38s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
Interesting ports on 192.168.0.2:
(The 1661 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
199/tcp open smux
MAC Address: 00:0D:60:0F:96:1C (IBM)
Nmap finished: 1 IP address (1 host up) scanned in 1.218 seconds
Raw packets sent: 1665 (66.6KB) | Rcvd: 1665 (76.6KB)
D:\nmap-3.81>nmap -sT -v 192.168.0.2
Starting nmap 3.81 ( http://www.insecure.org/nmap ) at 2005-06-03 09:48 Mountain
Daylight Time
Initiating Connect() Scan against 192.168.0.2 [1663 ports] at 09:48
Discovered open port 25/tcp on 192.168.0.2
Connect() Scan Timing: About 24.86% done; ETC: 09:50 (0:01:30 remaining)
The Connect() Scan took 123.81s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
Interesting ports on 192.168.0.2:
(The 1662 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
25/tcp open smtp
Nmap finished: 1 IP address (1 host up) scanned in 124.469 seconds
Raw packets sent: 2 (68B) | Rcvd: 1 (46B)
|
But check that:
I still didn't install any SMTP service and it's still open...
and what the heck is smux??
Quote: | You...work...for a company? |
Yea, they pay me to play ......
Last edited by AsianSpices on Fri Jun 03, 2005 6:22 pm; edited 1 time in total |
|
christsong84 Veteran
Joined: 06 Apr 2003 Posts: 1003 Location: GMT-8 (Spokane)
|
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 5:38 pm Post subject: |
|
|
Yea, I figured that much.
But now, after re-installing the OS and the services, all networkless,
the snmptrapd daemon cannot be found.
Since I am a total newbie to this and this is my 2nd week into Gentoo, please bear with me.
But I
emerge net-snmp
and then I did a snmpconf -i and created the scripts,
then I started the daemon
/etc/init.d/snmpd restart
In my previous install I could have done
/etc/init.d/snmptrapd restart
Why can I not find it now?
What did I miss? |
|
limn l33t
Joined: 13 May 2005 Posts: 997
|
Posted: Fri Jun 03, 2005 5:42 pm Post subject: |
|
|
Now your nmap output is inconsistent scanning the same IP. |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 5:50 pm Post subject: |
|
|
Quote: |
Now your nmap output is inconsistent scanning the same IP.
|
Okie so.... it's inconsistent...
what's the reason for that then... |
|
limn l33t
Joined: 13 May 2005 Posts: 997
|
Posted: Fri Jun 03, 2005 9:03 pm Post subject: |
|
|
The first nmap shows a MAC address that matches with the ifconfig of the box you are working on and the ports match what you say you want. The second nmap shows only one port open and does not report a MAC address. Two machines using the same IP address could cause this result. That's easy to test.
And if that's the case, you don't have a problem with ports you don't want open, on a box that shows a different port configuration depending on how you look at it, and a Gentoo install doesn't set you up with a mail server just because tripwire and cron need to be able to send mail locally on the box.
The other possible causes are worse, going all the way up to what moocha suspected. For all I know your nmap is compromised, or maybe your network. |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 9:27 pm Post subject: |
|
|
Quote: |
The first nmap shows a MAC address that matches with the ifconfig of the box you are working on and the ports match what you say you want. The second nmap shows only one port open and does not report a MAC address. Two machines using the same IP address could cause this result. That's easy to test.
And if that's the case, you don't have a problem with ports you don't want open, on a box that shows a different port configuration depending on how you look at it, and a Gentoo install doesn't set you up with a mail server just because tripwire and cron need to be able to send mail locally on the box.
The other possible causes are worse, going all the way up to what moocha suspected. For all I know your nmap is compromised, or maybe your network. |
Code: |
D:\nmap-3.81>namp -sS -v 192.168.0.2
'namp' is not recognized as an internal or external command,
operable program or batch file.
D:\nmap-3.81>nmap -sS -v 192.168.0.2
Starting nmap 3.81 ( http://www.insecure.org/nmap ) at 2005-06-03 15:12 Mountain
Daylight Time
Initiating SYN Stealth Scan against 192.168.0.2 [1663 ports] at 15:12
The SYN Stealth Scan took 0.38s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
All 1663 scanned ports on 192.168.0.2 are: closed
MAC Address: 00:0D:60:0F:96:1C (IBM)
Nmap finished: 1 IP address (1 host up) scanned in 1.157 seconds
Raw packets sent: 1665 (66.6KB) | Rcvd: 1665 (76.6KB)
D:\nmap-3.81>
D:\nmap-3.81>nmap -sT -v 192.168.0.2
Starting nmap 3.81 ( http://www.insecure.org/nmap ) at 2005-06-03 15:12 Mountain
Daylight Time
Initiating Connect() Scan against 192.168.0.2 [1663 ports] at 15:12
Discovered open port 25/tcp on 192.168.0.2
Connect() Scan Timing: About 7.48% done; ETC: 15:19 (0:06:13 remaining)
Discovered open port 110/tcp on 192.168.0.2
The Connect() Scan took 356.22s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
Interesting ports on 192.168.0.2:
(The 1661 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
25/tcp open smtp
110/tcp open pop3
MAC Address: 00:0D:60:0F:96:1C (IBM)
Nmap finished: 1 IP address (1 host up) scanned in 356.984 seconds
Raw packets sent: 2 (68B) | Rcvd: 1 (46B)
D:\nmap-3.81>nmap -sS -v 192.168.0.2
Starting nmap 3.81 ( http://www.insecure.org/nmap ) at 2005-06-03 15:21 Mountain
Daylight Time
Initiating SYN Stealth Scan against 192.168.0.2 [1663 ports] at 15:21
Discovered open port 199/tcp on 192.168.0.2
The SYN Stealth Scan took 0.38s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
Interesting ports on 192.168.0.2:
(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
199/tcp open smux
MAC Address: 00:0D:60:0F:96:1C (IBM)
Nmap finished: 1 IP address (1 host up) scanned in 1.172 seconds
Raw packets sent: 1665 (66.6KB) | Rcvd: 1665 (76.6KB)
|
Dude, I ran an nmap again just to PROVE to you that
1. NOTHING is wrong with my NMAP! I probably just forgot to paste that line in when I was posting.
2. My system is NOT compromised!!!
Yes, I know it's possible for systems to be compromised, but this one is not,
and there is no other system on the network with this address so you can FORGET that notion also...
So then tell me what's the difference between the two nmap outputs and why does -sS show a different output to -sT? |
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
|
Posted: Fri Jun 03, 2005 10:30 pm Post subject: |
|
|
Quote: | So then tell me what's the difference between the two nmap outputs and why does -sS show a different output to -sT? |
nmap -sS is a stealth scan and nmap -sT is a connect scan. Although an open port is an open port. Different outputs can be due to your iptables settings. Is iptables running?
IMHO, you should scan your Linux box FROM your Linux box. Forget the Windows box. nmap is on the package CD.
Disconnect your Linux box from the net. Install nmap (if you haven't already). Turn off iptables. Scan your Linux box FROM your Linux box. What's the output?
What's the output of " netstat -anA inet " and " netstat -anpA inet " ? |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 10:40 pm Post subject: |
|
|
Okie, nmap is installing as I type.
These things take foreverrrr to install...
Anyway,
question:
I am trying to set up a TFTP server.
I installed the daemon TFTP-HPA,
did a /etc/init.d/in.tftpd start,
but the service does not start.
Why?
I don't even know where to start in troubleshooting for this...
Here is the /etc/conf.d/in.tftpd file:
Code: |
# Config file for /etc/init.d/in.tftpd
# Remove the -l if you use [x]inetd
INTFTPD_PATH="/tftproot"
INTFTPD_OPTS="-l -v -s ${INTFTPD_PATH}"
|
Any ideas? |
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
|
Posted: Fri Jun 03, 2005 10:48 pm Post subject: |
|
|
One thing at a time. Fix a problem, then move on. |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 10:58 pm Post subject: |
|
|
Well my dear
here is the output from the nmap FROM my Linux box
Code: |
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-06-03 16:57 UTC
Initiating SYN Stealth Scan against 192.168.0.2 [1663 ports] at 16:57
The SYN Stealth Scan took 35.02s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
All 1663 scanned ports on 192.168.0.2 are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 35.141 seconds
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-06-03 16:58 UTC
Initiating SYN Stealth Scan against 192.168.0.2 [1663 ports] at 16:58
The SYN Stealth Scan took 35.00s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
All 1663 scanned ports on 192.168.0.2 are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 35.125 seconds |
Very interesting that no ports are shown open...
Quote: | One thing at a time. Fix a problem, then move on. |
That's easy for you to say.
I am hoping that as I go along I will eventually find the answers to my problems. |
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
|
Posted: Fri Jun 03, 2005 11:09 pm Post subject: |
|
|
What was the nmap command you issued? You should include that at the top of the output. Helps us help you.
And what is the output of " netstat -anA inet " and " netstat -anpA inet "?
Yes, it is easy for me to say. It is a good standard practice. Install something, test and troubleshoot. If all is well, move to the next program. Otherwise you can complicate things and make it difficult to trace the problem down. |
|
AsianSpices Tux's lil' helper
Joined: 30 May 2005 Posts: 82
|
Posted: Fri Jun 03, 2005 11:18 pm Post subject: |
|
|
Code: |
nmap -sT -v 192.168.0.2
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-06-03 16:57 UTC
Initiating SYN Stealth Scan against 192.168.0.2 [1663 ports] at 16:57
The SYN Stealth Scan took 35.02s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
All 1663 scanned ports on 192.168.0.2 are: filtered
nmap -sS -v 192.168.0.2
Nmap run completed -- 1 IP address (1 host up) scanned in 35.141 seconds
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-06-03 16:58 UTC
Initiating SYN Stealth Scan against 192.168.0.2 [1663 ports] at 16:58
The SYN Stealth Scan took 35.00s to scan 1663 total ports.
Host 192.168.0.2 appears to be up ... good.
All 1663 scanned ports on 192.168.0.2 are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 35.125 seconds
|
Code: |
netstat -anpA inet
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:514 0.0.0.0:* 8569/syslog-ng
udp 0 0 0.0.0.0:68 0.0.0.0:* 8949/dhcpcd
raw 0 0 0.0.0.0:255 0.0.0.0:* 7 2511/nmap
netstat -anA inet
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
raw 0 0 0.0.0.0:255 0.0.0.0:* 7
|
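The two checks asked for in this thread (the ifconfig HWaddr against the MAC address nmap reports, and nmap's open ports against the listeners netstat shows on the box), as an added example that is not part of any post. The sample outputs are constructed in the shape of those posted above, and the function names are this example's own.

```python
import re

MAC = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"

# Constructed samples, shaped like the ifconfig, nmap and netstat output in the thread.
IFCONFIG = "eth0  Link encap:Ethernet  HWaddr 00:0D:60:0F:96:1C\n"
NMAP = """PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
MAC Address: 00:0D:60:0F:96:1C (IBM)
"""
NETSTAT = """Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN   7012/sshd
tcp        0      0 0.0.0.0:199     0.0.0.0:*         LISTEN   7100/snmpd
udp        0      0 0.0.0.0:514     0.0.0.0:*                  8569/syslog-ng
"""

def local_macs(ifconfig_text):
    """HWaddr values found in ifconfig output, upper-cased."""
    return {m.upper() for m in re.findall(r"HWaddr\s+" + MAC, ifconfig_text)}

def nmap_view(nmap_text):
    """Open TCP ports and the MAC address (or None) from one nmap run."""
    ports = {int(p) for p in re.findall(r"^(\d+)/tcp\s+open\b", nmap_text, re.M)}
    mac = re.search(r"^MAC Address:\s*" + MAC, nmap_text, re.M)
    return ports, (mac.group(1).upper() if mac else None)

def tcp_listeners(netstat_text):
    """Map port -> program for TCP sockets in LISTEN on a non-loopback address."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, port = f[3].rsplit(":", 1)
        if not addr.startswith("127."):  # loopback-only sockets are not reachable remotely
            found[int(port)] = f[6] if len(f) > 6 else "?"
    return found

def compare(ifconfig_text, nmap_text, netstat_text):
    """Cross-check what the scanner saw against what the box says about itself."""
    ports, mac = nmap_view(nmap_text)
    listening = set(tcp_listeners(netstat_text))
    if mac is None:
        mac_check = "not reported"
    else:
        mac_check = "match" if mac in local_macs(ifconfig_text) else "MISMATCH"
    return {
        "mac_check": mac_check,
        "open_without_listener": sorted(ports - listening),
        "listening_not_seen": sorted(listening - ports),
    }

if __name__ == "__main__":
    for key, value in compare(IFCONFIG, NMAP, NETSTAT).items():
        print(f"{key}: {value}")
```

A port listed under open_without_listener has no listening socket that netstat reports on the box, so the next places to look are the scanning host, the path between the two machines, and whether both outputs really describe the same box. A port under listening_not_seen is bound locally but was not reported open by that scan, which is what a packet filter in front of it would produce.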