So an nmap on a default install of Windows 2003 Server is….
phoenix alan # nmap -O <IP>
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-10-27 07:43 PST
Interesting ports on shiny (<IP>):
(The 1652 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
Device type: general purpose
Running: Microsoft Windows 2003/.NET
OS details: Microsoft Windows .NET Enterprise Server (build 3604-3790)
Nmap run completed — 1 IP address (1 host up) scanned in 1.435 seconds
phoenix alan #
Granted, a default RedHat9 isn’t much better, but still, when will people learn? Open ports for non-needed services means bad things can sneak in. Having these services running on boot means that before an admin can get to the box and set things up bad things can sneak in. Last thing you want is your new and shiny box to be 0wned before you can even start things running on it right?