This is What Happens When You Leave a Port Open on a DHS System

Posted on 26th February 2009 by Ryan Somma in Geeking Out

I know from previous experience that I need to be careful about what I put in the root directory on my development box at work, but I recently discovered it’s probably best not to have any open ports on my box at all, when a coworker showed me this in my Apache server log:


Retina Network Security Scanner


Apparently, this is what a server log looks like after being audited by a Retina Network Security Scanner, software that scans the network for open ports and, when it finds one, checks for every possible kind of exploit there is against it:


Sample of Exploits Checked


There are thousands of lines of log entries for each scan, and with these regular scans extending back to October, my Apache log had exploded to nearly 300 megs. Somewhat inconvenient. Great thing about working in a team IT environment, I got to learn about a command-line tool called nslookup, which I ran:


nslookup


So it’s a CG Intranet thing. The “ads” probably stands for “Automated (Distribution / Deployment) Service.” Nice to know it’s out there, keeping USCG computers secure.

Since this was a local development box, I decided to follow my colleague, and restrict my Apache server to access from just my own box with this modification to the config file (I’m using port 81 so as not to conflict with IIS):

#Listen 81
Listen localhost:81

Now the only errors I get are the PICNIC kind.
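
An added example, not from the original post: a small Python check that reads an Apache config and reports which Listen directives are reachable from the network and which are loopback-only, run here on the setting before and after the change above. The function names and sample config strings are constructed for illustration; any hostname other than localhost is assumed to be network-reachable.

```python
import ipaddress
import re

# Listen [address:]port [protocol]; IPv6 addresses are written in brackets.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)(?:\s+\S+)?\s*$", re.IGNORECASE
)

def is_loopback(host):
    """True when the Listen address only accepts connections from this machine."""
    if host is None:            # bare "Listen 81" binds every interface
        return False
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # some other hostname: assume it is reachable
        return False

def audit_listen(config_text):
    """Return (line_no, address, port, exposed) for each active Listen directive."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):   # commented-out directives are inactive
            continue
        match = LISTEN_RE.match(line)
        if match:
            host, port = match.group(1), int(match.group(2))
            findings.append((line_no, host or "*", port, not is_loopback(host)))
    return findings

# Constructed sample configs: the original setting and the restricted one from the post.
BEFORE = "Listen 81\n"
AFTER = "#Listen 81\nListen localhost:81\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        for line_no, host, port, exposed in audit_listen(text):
            state = "reachable from the network" if exposed else "loopback only"
            print(f"{name}: line {line_no}: {host}:{port} is {state}")
```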

4 Comments

  1. At least they called your attention to the fact that log files need to be rolled from time to time… And you got some free exploit checking done! :)

    Comment by ClintJCL — February 26, 2009 @ 4:53 pm

  2. Our campus network gets a similar survey. It’s pretty convenient and eases my mind when I sometimes install and forget certain web packages, knowing that if there is some exploit, I’ll suddenly have my port closed.

    We are also required to have any network accessible systems run and update virus/malware definitions from the university’s server on a regular basis.

    Comment by John — February 26, 2009 @ 7:38 pm

  3. You’re a life saver! For my one class, I must gather data and facts for the question regarding security issues with computers (it gets more specific but that’s a basic run down). I’ve been stumped so far but this provides a good starting point for me. That RETINAL Network scanner is a perfect fit. :D

    Comment by Sour Swinger — September 9, 2010 @ 9:26 pm

  4. Awesome! Glad to help!

    Comment by ideonexus — September 11, 2010 @ 10:20 pm
