Linux Port Help

Thread: Linux Port Help

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    500

    Linux Port Help

    Okay here is my nmap

    Port State Service
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    111/tcp open sunrpc
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    139/tcp open netbios-ssn
    443/tcp open https
    631/tcp open ipp
    953/tcp open rndc
    1241/tcp open msg
    2049/tcp open nfs
    6000/tcp open X11
    7100/tcp filtered font-service
    10000/tcp open snet-sensor-mgmt
    32771/tcp open sometimes-rpc5
    32772/tcp open sometimes-rpc7

    I am running Mandrake 9.0. I have an apache server, a cups printer, and I want ssh to be open. What all should I close and how do I do it? I have googled all day and I have more or less found plenty of conflicting opinions on how to close ports. Help would be much appreciated.

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I would say you could close these:
    25 if you don't send any mail
    111 I have this open also, don't think you need it
    137-139 Is this a Samba server? I assume yes, so leave them open; if you don't want it to be, close them
    631-2049 Don't know what they do, but I don't think you need them
    7100-32772 Don't know but you shouldn't need them

    To close them just disable the services associated with them. I have RH9 and I go to the main menu in the bottom left and I have System Settings>server settings>services and I select services. This is where I can manipulate what services are running at startup and I can remove them from startup and stop them from running. If you just remove them from startup they are still running for the current session so you also have to stop them.

    For now I would disable 25 and 137-139(disable these if you are not sharing files with other computers) and possibly 111. And wait on the others, because I don't know what they do and you could possibly need them for something. Please hold off on disabling services until you get confirmation. Sorry I couldn't detail how to disable them, but I'm on redhat, and I don't really know mandrake.

    My computer is like this:
    21 open ftp
    22 open ssh
    80 open http
    111 open srpc
    3306 open mysql
    6000 open X11
    32768 open unknown(What is this? maybe a backdoor?)

  3. #3
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    You're right, it's hard to find some Linux stuff concerning your problem on Google.
    What firewall are you using? I have iptables in GUI mode running.

    Here are some mediocre sites and articles on closing the ports
    http://www.linuxexposed.com/modules....&mode=&order=0
    http://www.linuxexposed.com/modules....&mode=&order=0 (back up link)
    http://www.linuxexposed.com/modules....&mode=&order=0 ( back up back up link)


    (suggestion) 22 = openssh - disable ssh if you want to close this.
    25 = smtp - might have sendmail running, disable if you want to close
    111 = sunrpc - mainly for remote protocol requests, nfs, etc. disable from xinetd or inet.conf if you want to close.

    Another option is to learn and set up iptables and the such to set up your own firewall, etc.

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    I am running firestarter, but I don't see any difference really. I set it up to filter everything but 80 and the other ports are still not filtered. I dunno. And I have checked xinetd.d but none of the services that I want to disable are there. And I have been to hell and back trying to close 6000. I have edited every file I can think of in X11.
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    25 closed
    111 closed
    1241 closed - - was used by nessusd

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Lansing,

    I'm assuming that you've done this:

    Sourced from Simply Linux

    Closing Port 6000
    Port 6000 is listening by default. Take care of it.

    1) Enter "vi /etc/X11/xdm/Xservers"
    2) Hit "i" and add "-nolisten tcp" at the end of a line like this:

    :0 local /usr/X11R6/bin/X -nolisten tcp
    3) Hit ESC & enter ":wq"
    And remarked out the necessary ports from the /etc/services file? If you do a netstat, you should see that the port is not being listened on even though it is "open".
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Member
    Join Date
    Oct 2001
    Posts
    76
    Did you scan 127.0.0.1, or your proper IP address? This matters, as some services should only be listening on localhost. One example is port 631, which is open because of cups. This port should only be listening on localhost. Same with port 7100, which is xfs.

    Port 25 listening on your external IP address is a serious problem, depending on the configuration of sendmail, or whatever smtp service you're running. Spammers love setups like this, as it will be you getting the blame when they route their junk mail through your PC.

    You can close port 443 by uninstalling mod_ssl and restarting apache.

    Port 53 can be closed by stopping bind. If you did a UDP scan, you would notice this PC is also listening on UDP port 53 as well.

    Ports 2049, 32771, and 32772 will close when you stop the service running on port 111. This is either NIS or NFS, I always confuse the two.

    You should probably stop samba as well, unless you need it for windows connectivity on a network. This will close ports 137-139.

    Ports 10000 and 953 are a mystery though, I got no idea what they are. The only time I've seen 10000 open is with webmin, and this could be a security problem if this is the reason port 10000 is open.
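
Added example, not part of the original thread: the localhost-versus-external distinction raised in post #7 can be checked from the listening sockets themselves rather than from a scan. The Python below parses `netstat -tln` style output and separates loopback-only listeners from ones reachable on other interfaces; the sample output and the set of wanted ports (22 and 80, from the first post) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -tln` output, not taken from the poster's machine.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:7100          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:53         0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
"""

# Assumption: ports the poster wants reachable from the network (ssh, apache).
WANTED_EXTERNAL = {22, 80}

def parse_listeners(text):
    """Return (address, port) for every TCP socket in LISTEN state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition copes with IPv6 "::"
        listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr):
    """True only for 127.0.0.0/8 or ::1; wildcards such as 0.0.0.0, :: or * are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(text, wanted=WANTED_EXTERNAL):
    """Classify listening ports by whether they are reachable off-host."""
    loopback, exposed = set(), set()
    for addr, port in parse_listeners(text):
        (loopback if is_loopback(addr) else exposed).add(port)
    return {
        "loopback_only": sorted(loopback - exposed),
        "exposed_wanted": sorted(exposed & wanted),
        "exposed_unexpected": sorted(exposed - wanted),
    }

if __name__ == "__main__":
    for group, ports in audit(SAMPLE_NETSTAT).items():
        print(f"{group}: {ports}")
```

Ports reported as `exposed_unexpected` are the ones to trace back to a service and stop, or to rebind to 127.0.0.1.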

  8. #8
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Update:
    how does this look:

    Port State Service
    22/tcp open ssh
    80/tcp open http
    443/tcp open https
    631/tcp open ipp
    6000/tcp open X11

  9. #9
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    That looks good Lansing_Banda. It seems that you now only have the ports open for which you want a service to be running, if that made any sense.

  10. #10
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    I still need to close 443. My apache's SSL_mod is causing that, but I am in no big hurry, nessus just gave me a warning with that. Nessus likes my setup and right now, so do I.

    And Heretic, that made perfect sense
