This is a discussion on how to close ports ... within the AIX Operating System forums, part of the Unix Operating Systems category.

g0c wrote:

on AIX 5.2

i mean how to close port 6666 on the box which is not behind firewall ? ...
On Wed, 10 Nov 2004 15:19:45 +0100, g0c wrote:

> on AIX 5.2
>
> i mean how to close port 6666 on the box which is not behind firewall ?
> is there some kinda internal firewall ? */me hides*

AIX has no kernel based firewall. Stop the service which is listening on 6666, or change it so it only listens on localhost. It isn't a standard service.

Regards,
Ian
In article <cmt821$8l0$1@fegnews.vip.hr>, g0c <REMOVEg0c@msn.com> wrote:

> on AIX 5.2
>
> i mean how to close port 6666 on the box
> which is not behind firewall ?

Ian Northeast already answered this in his reply, assuming that you're concerned about incoming traffic to port 6666. To prohibit outgoing traffic from (or to) port 6666, you would need some sort of packet filter or firewall.

> is there some kinda internal firewall ? */me hides*

Yes, look at the bos.net.ipsec.rte package. You can configure this using "smit", under:

  Communications Applications and Services -> TCP/IP -> Configure IP Security

--
Ken Bell :: kenbell@panix.com :: (212) 475-4976 (voice)
Ian Northeast <ian@house-from-hell.demon.co.uk> wrote in message news:<pan.2004.11.10.21.54.26.835781@house-from-hell.demon.co.uk>...

> On Wed, 10 Nov 2004 15:19:45 +0100, g0c wrote:
>
> > on AIX 5.2
> >
> > i mean how to close port 6666 on the box which is not behind firewall ?
> > is there some kinda internal firewall ? */me hides*
>
> AIX has no kernel based firewall.

it has, man genfilt

> Stop the service which is listening on 6666, or change it so it only
> listens on localhost. It isn't a standard service.

surely the better way, or the original poster might want to check if the application (ircd???) is able to listen on specific addresses only.

regards,
florian
"Florian Heigl" <florian.heigl@gmx.de> wrote in message news:29a7918d.0411110723.69e94e42@posting.google.com...

> Ian Northeast <ian@house-from-hell.demon.co.uk> wrote in message
> news:<pan.2004.11.10.21.54.26.835781@house-from-hell.demon.co.uk>...
>> On Wed, 10 Nov 2004 15:19:45 +0100, g0c wrote:
>>
>> > on AIX 5.2
>> >
>> > i mean how to close port 6666 on the box which is not behind firewall ?
>> > is there some kinda internal firewall ? */me hides*
>>
>> AIX has no kernel based firewall.
>
> it has, man genfilt
>
>> Stop the service which is listening on 6666, or change it so it only
>> listens on localhost. It isn't a standard service.
>
> surely the better way, or the original poster might want to check if the
> application (ircd???) is able to listen on specific addresses only.
>
> regards,
> florian

hi, i forgot to mention there is nothing that listens on that port, i just want to make sure that this port cannot be used, yeah i know ... silly question, but it is bound to hackers using this port for irc bouncers, mail spamming with perl and irc dcc filesharing

thanks again
> hi, i forgot to mention there is nothing that listens on that
> port, i just want to make sure that this port cannot be used,

you could simply leave something listening there, so it cannot be used by other processes

  grep mybulk /etc/services /etc/inetd.conf
  /etc/services:mybulk 6666/tcp
  /etc/inetd.conf:mybulk stream tcp nowait nobody /usr/bin/pwd

would be enough
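A small audit script, added here as an example and not from any poster, that applies Ian's "listen on localhost only" advice and the grep trick above: it parses constructed `netstat -an` lines plus constructed /etc/services and /etc/inetd.conf entries, classifies a port as closed, loopback-only or exposed on all interfaces, and names the inetd program occupying it. The sample data and function names are assumptions.

```python
import re

# Constructed sample of AIX `netstat -an` output (not a real capture); '*' = all interfaces.
NETSTAT_SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  *.22               *.*                LISTEN
tcp4       0      0  *.6666             *.*                LISTEN
tcp4       0      0  127.0.0.1.6667     *.*                LISTEN
tcp4       0      0  10.0.0.5.1023      10.0.0.9.22        ESTABLISHED
"""
# Constructed /etc/services and /etc/inetd.conf lines, as in the thread's grep trick.
SERVICES_SAMPLE = "mybulk 6666/tcp\nircd 6667/tcp\n"
INETD_SAMPLE = "mybulk stream tcp nowait nobody /usr/bin/pwd\n"

# AIX prints the local socket as addr.port, so split on the last dot.
LISTEN_RE = re.compile(r"^(tcp\d?)\s+\d+\s+\d+\s+(\S+)\.(\d+)\s+\S+\s+LISTEN$")

def listeners(netstat_text):
    """Return {port: local_address} for every TCP socket in LISTEN state."""
    found = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m:
            found[int(m.group(3))] = m.group(2)
    return found

def inetd_ports(services_text, inetd_text):
    """Map TCP ports to the program inetd would run for them, via /etc/services."""
    by_name = {}
    for line in services_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].endswith("/tcp"):
            by_name[parts[0]] = int(parts[1].split("/")[0])
    reserved = {}
    for line in inetd_text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and not line.startswith("#") and parts[0] in by_name:
            reserved[by_name[parts[0]]] = parts[5]
    return reserved

def audit_port(port, netstat_text, services_text, inetd_text):
    """Classify a port as 'closed' (no listener), 'local' (loopback only) or
    'exposed' (all/non-loopback interfaces), plus any inetd program holding it."""
    addr = listeners(netstat_text).get(port)
    state = "closed" if addr is None else "local" if addr.startswith("127.") else "exposed"
    return state, inetd_ports(services_text, inetd_text).get(port)

if __name__ == "__main__":
    for p in (22, 6666, 6667, 6668):
        print(p, audit_port(p, NETSTAT_SAMPLE, SERVICES_SAMPLE, INETD_SAMPLE))
```

Note that the inetd placeholder itself shows up as a listener bound to all interfaces, which is exactly the state the last reply in this thread warns about.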
"g0c" <REMOVEg0c@msn.com> wrote in message news:<cn21gf$mmc$1@fegnews.vip.hr>...

> "Florian Heigl" <florian.heigl@gmx.de> wrote in message
> news:29a7918d.0411110723.69e94e42@posting.google.com...
> > Ian Northeast <ian@house-from-hell.demon.co.uk> wrote in message
> > news:<pan.2004.11.10.21.54.26.835781@house-from-hell.demon.co.uk>...
>
> hi, i forgot to mention there is nothing that listens on that
> port, i just want to make sure that this port cannot be used,
> yeah i know ... silly question, but it is bound to hackers using this port
> for irc bouncers, mail spamming with perl and irc dcc filesharing

reasonable enough
"g0c" <REMOVEg0c@msn.com> wrote in news:cn21gf$mmc$1@fegnews.vip.hr:

> hi, i forgot to mention there is nothing that listens on that
> port, i just want to make sure that this port cannot be used,
> yeah i know ... silly question, but it is bound to hackers using
> this port for irc bouncers, mail spamming with perl and irc dcc
> filesharing

g0c:

1 - If no process is listening on the port, then no one from the outside can connect to it.
2 - If the machine is compromised, then the machine is compromised, and they can easily remove any hack used to reserve the port.
3 - The only way to ensure this is at the firewall level, by only allowing a specified set of services to arrive at this machine, and that this machine can only use a specified set of services for exit traffic.
4 - Anything else is just trying to pretend you won't have a problem.

--
Doing AIX support was the most monty-pythonesque activity available at the time. Eagerly awaiting my thin chocolate mint.