November 24th, 2003, 12:21 AM
Unknown open ports
I've been doing a security audit on my Linux box, and I have three ports open that I would not like to have open, and I cannot identify.
139/TCP NETBIOS-SSN (I don't have Netbios service running.)
My firewall doesn't seem to want to interfere with these, so I'm trying to find the services.
Any ideas, guys?
November 24th, 2003, 12:34 AM
111 is being started by your portmap service. You can kill that and you'll see the port close.
139 -- Check to see if you have Samba running as it would normally open this port on a Linux box.
6000 - This port is opened when you start XWindows. Close Xwindows and you'll see it disappear.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
November 24th, 2003, 12:37 AM
Check out this thread just a few spots down on the main page:
I agree with HTRegz. Although you probably want to use Xwindows, and I don't think there is any harm in leaving that one opened. The others you should close. I use redhat, and if I go in the redhat menu under System Settings>Server Settings>Services, that is where I am able to disable services. Just make sure you know what you are disabling. You should see samba listed there, you can stop that. I don't know what the sun rpc is called on the list, you should PM Lansing_Banda since he just went through this process.
November 24th, 2003, 12:38 AM
Thanks. That all works and has checked out. :-)