Security: nmap to test against my Linux Mint

At first I was using nmap to discover other virtual machines that were guest OS on my Linux Mint, however while scanning I discovered my host OS (Linux Mint) had opened ports which I did not have knowledge about and I did not need them at all.

PORT STATE SERVICE
25/tcp open smtp
139/tcp open netbios-ssn
445/tcp open microsoft-ds

My favourite option for nmap:

nmap -sS -Pn -O -n 192.168.20.0/24

This means nmap will use syn scan, without resolving the address and without pinging the addresses and also to find out their OS version.

It turned out that I had smbd running at the background using port 445 and 139, since I did not need these for file transfer between windows and my Linux machine I had decided to remove them.

netstat -antp |grep 445

This command revealed the process smbd was running. For simplicity, I installed chkconfig to make sure smbd would not load automatically after boot.

chkconfig smbd off

service smbd stop

I also did not need a smtp server, it turned out I had postfix installed (Perhaps Linux Mint installed postfix automatically?). I used to need this in the past when I was using OSSEC, but I do not need them as of now, and I do not like processes turn on without letting me know, hence I stopped the postfix service and used chkconfig.

/etc/init.d/postfix stop

chkconfig postfix off

nmap is a good tool for doing vulnerability assessment, it is not a VA tool but part of VA process is to understand the target, and nmap fits well during reconnaissance phase.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s