Security: nmap to test against my Linux Mint

At first I was using nmap to discover other virtual machines that were guest OSes on my Linux Mint; however, while scanning I discovered that my host OS (Linux Mint) had open ports which I did not know about and did not need at all.

PORT STATE SERVICE
25/tcp open smtp
139/tcp open netbios-ssn
445/tcp open microsoft-ds

My favourite option for nmap:

nmap -sS -Pn -O -n 192.168.20.0/24

This means nmap will use a SYN scan (-sS), skip pinging the addresses (-Pn), skip resolving the addresses (-n), and try to find out each host's OS version (-O).

It turned out that I had smbd running in the background on ports 445 and 139. Since I did not need these for file transfer between Windows and my Linux machine, I decided to remove them.

netstat -antp |grep 445

This command revealed the process smbd was running. For simplicity, I installed chkconfig to make sure smbd would not load automatically after boot.

chkconfig smbd off

service smbd stop

I also did not need an SMTP server; it turned out I had postfix installed (perhaps Linux Mint installed postfix automatically?). I used to need this in the past when I was using OSSEC, but I do not need it now, and I do not like processes being turned on without letting me know, hence I stopped the postfix service and used chkconfig.

/etc/init.d/postfix stop

chkconfig postfix off
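
The same port-to-process lookup applied to every listener at once, as an added example that is not part of the original post: it parses `netstat -antp` output, drops sockets bound only to loopback, and reports listeners whose port is not on an allowlist. The function names, the allowlist of port 22 and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from the network and flag
# any whose port is not on an allowlist. Feed it `netstat -antp` output
# (run netstat as root so the PID/Program column is filled in).

# Constructed sample input, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1234/smbd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1234/smbd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      900/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2001/master
tcp        0      0 192.168.20.5:45678      192.168.20.9:22         ESTABLISHED 3100/ssh
tcp6       0      0 :::22                   :::*                    LISTEN      800/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      900/cupsd
EOF
}

# Print "port/tcp program" for each listener not bound to loopback only.
exposed_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4; port = $4
        sub(/.*:/, "", port)          # text after the last colon is the port
        sub(/:[0-9]+$/, "", addr)     # what remains is the bind address
        if (addr ~ /^127\./ || addr == "::1") next   # loopback: not remotely reachable
        prog = $7
        sub(/^[0-9]+\//, "", prog)    # "1234/smbd" -> "smbd"
        if (prog == "" || prog == "-") prog = "unknown"
        print port "/tcp " prog
    }' | sort -t/ -k1,1n -u
}

# Print exposed listeners whose port is not among the allowed ports ("$@").
unexpected_listeners() {
    allowed=" $* "
    exposed_listeners | while read -r entry prog; do
        case "$allowed" in
            *" ${entry%/tcp} "*) ;;          # port is expected
            *) echo "$entry $prog" ;;        # port needs an owner and a reason
        esac
    done
}

# Postfix shows up as "master", its supervising process.
sample_netstat | unexpected_listeners 22
```

On a live host, replace the last line with `netstat -antp | unexpected_listeners 22` (as root) and adjust the allowlist to the services you actually intend to expose.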

nmap is a good tool for vulnerability assessment: it is not a VA tool itself, but part of the VA process is understanding the target, and nmap fits well in the reconnaissance phase.
