Closing Ports....

  1. #1
    Banned
    Join Date
    Mar 2002
    Posts
    520

    Closing Ports....

    I have a Windows ME machine and a Solaris machine as well. After vulnerability scanning both, I would like to know how I would go about closing ports if that is possible. I never learned about closing and opening ports unless I have gotten onto a high ended one. Thanks!

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    Simply stop the programs/processes that have the port open. If you have an http server running, close it, and you'll have 80 closed. Ditto for any other ones.

  3. #3
    Banned
    Join Date
    Mar 2002
    Posts
    520
    Thanks. I thought there was some l337 way to close ports or something that I didn't hear about. Thanks tho man...

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Stop running the daemons/services that are running on those ports and the ports will be closed (sorry - an equally vague answer for a rather vague question).

    In all seriousness... take a look at the "services" control panel on Windows (or am I thinking 2k/NT and the like?) and take a look at /etc/inetd.conf and /etc/rc[23].d/ on Solaris.

    Also, if you can run a firewall system or something that you can convince to "drop and log" a packet to a given port (rather than rejecting it (sending a FIN/RST)), that's also a good bonus. Win2k has this sort of thing built in... Solaris - you'll have to compile something like IPF to do it.
    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Oh yeah... one more thing... on Solaris, "/usr/bin/ps -efl" can be a wonderful thing... then go back to your /etc/rc#.d directories and find out where it starts up. MOVE the undesirables to something like o.S##service (e.g. I believe sendmail runs out of /etc/rc2.d/S88sendmail - move that to /etc/rc2.d/o.S88sendmail and do a "chmod 000" on the thing (second part is optional)). Just don't /delete/ anything, though... you might want them back some day (though everything in those directories should also be linked to /etc/init.d - the rc directories are generally what tell the system to fire them off, though).

    BTW, if you stop sendmail as suggested in the example above (which you should unless you actively receive SMTP mail from outside), remember that you will likely want to make sure to cron a "cleanup" job for the mail queue, probably once every 15 to 30 minutes... just add "sendmail -q" to root's crontab (i.e. forget the "-bd") -- yeah, you can hack the "bd" out and just have it process the queue, but old cronies like me like to try to refrain from editing system-shipped startup scripts as much as possible, etc (and not add other ones to duplicate its efforts, etc). Sun invariably ships a patch cluster that will overwrite something in /etc/init.d and, lo and behold, the service is running again or your changes are gone (thank you Sun); hence the reason for the "chmod 000" advice.
    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"
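
The Solaris steps from posts #4 and #5, as an added example that is not from any poster in this thread: list the enabled entries in an inetd.conf, then park an rc start script under an o. prefix with mode 000 instead of deleting it. The function names are hypothetical, and the demo runs against a constructed sandbox directory rather than the real /etc.

```shell
#!/bin/sh
# Print "service protocol program" for every enabled inetd.conf entry.
# Fields: service socket-type protocol wait-flag user server-program args...
# Commented-out lines (first field starts with '#') are already disabled.
list_inetd_services() {
    awk 'NF >= 6 && $1 !~ /^#/ { print $1, $3, $6 }' "$1"
}

# Rename an rc start script S##name to o.S##name and chmod it 000.
# Nothing is deleted, so renaming it back restores the service.
disable_rc_script() {
    script=$1
    dir=$(dirname "$script")
    base=$(basename "$script")
    case $base in
        S[0-9][0-9]*) ;;
        *) echo "not an rc start script: $base" >&2; return 2 ;;
    esac
    if [ ! -e "$script" ]; then
        echo "missing: $script" >&2; return 1
    fi
    if [ -e "$dir/o.$base" ]; then
        echo "already parked: $dir/o.$base" >&2; return 3
    fi
    mv "$script" "$dir/o.$base" && chmod 000 "$dir/o.$base"
}

# Constructed sandbox standing in for /etc; no real system file is touched.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/rc2.d"
    cat > "$root/inetd.conf" <<'EOF'
# constructed sample entries
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
#telnet stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
time    dgram   udp     wait    root    internal
EOF
    printf '#!/sbin/sh\n' > "$root/rc2.d/S88sendmail"
    echo "enabled inetd services:"
    list_inetd_services "$root/inetd.conf"
    disable_rc_script "$root/rc2.d/S88sendmail"
    echo "rc2.d after parking:"
    ls "$root/rc2.d"
    rm -rf "$root"
}
demo
```

Editing inetd.conf only takes effect once inetd rereads its configuration, and a parked rc script only stops the service from starting at the next boot; the running process still has to be stopped.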
