Hi all,
I'm trying to make FreePBX as secure as possible.
I changed the SSH/SIP/HTTP default ports to other ports,
but I still have many open ports on FreePBX when I run netstat -ant.
I'm sure that those open ports will attract the hackers and scanners to me again!!
The ports are like:
SQL 3306 ==> can I block SQL from outside??
port 50000, 50001, 50002, 50003 ===> ??
5038 ===> is it important? Can I block it from outside?
53 ==> very strange, why is 53 open when there is no DNS server there??!!!
I'm going to block all the ports above if no problems will occur.
Please help me with them and their benefit??
Netstat will show which ports are being used by services running on the box. This does not mean that they are open to anyone to use. For example, 3306/TCP (MySQL) might only be accessible from 127.0.0.1 (the loopback interface) if the MySQL config is default.
However, you should use iptables to block access to ports that don’t need to be open to the outside world. Netstat will still show them in use, but it’s iptables’ job to block unwanted access to them.
Telnet for tests. If in doubt, from another box in the same network, telnet to the port you suspect is open. For example:
telnet (hostname/IP) (port)
If it connects, then the port was open. If it doesn’t connect you will get an error message.
Successful and port is open:
Connected to xxxxxxxx.
Escape character is '^]'.
Port not open:
telnet: Unable to connect to remote host: Connection refused
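
An added example, not part of either post above: a shell function that reads netstat -ant output and marks each listening TCP socket as loopback-only or exposed according to its bind address, which is the distinction the reply draws for 3306. The sample netstat lines and addresses are constructed, and the function names classify_listeners and exposed_ports are hypothetical.

```shell
#!/bin/sh
# Added example: classify LISTEN sockets from netstat -ant output by bind address.
# Loopback-bound listeners (127.x.x.x, ::1) cannot be reached from other hosts;
# wildcard or LAN-address listeners can, unless iptables blocks them.

classify_listeners() {
    # Reads netstat -ant text on stdin; prints "<port> <scope> <local address>".
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr
            sub(/^.*:/, "", port)      # text after the last colon is the port
            host = substr(addr, 1, length(addr) - length(port) - 1)
            scope = (host ~ /^127\./ || host == "::1") ? "loopback-only" : "exposed"
            print port, scope, addr
        }
    ' | sort -n
}

exposed_ports() {
    # Port numbers reachable from other hosts when no firewall rule blocks them.
    classify_listeners | awk '$2 == "exposed" { print $1 }' | sort -n -u | paste -sd' ' -
}

# Constructed sample input (not output from the poster's machine).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5038            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:50000           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:5038         198.51.100.7:41000      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN'

printf '%s\n' "$SAMPLE" | classify_listeners
# On a live box: netstat -ant | classify_listeners
```

Ports reported as exposed are the ones to cover with iptables rules and then confirm with the telnet test from another machine.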