Results 1 to 4 of 4

Thread: Unknown open ports

  1. #1
    Senior Member
    Join Date
    Nov 2003

    Unknown open ports

    I've been doing a security audit on my Linux box, and I have three ports open that I would not like to have open, and I cannot identify.

    111/TCP SUNRPC
    139/TCP NETBIOS-SSN (I don't have Netbios service running.)
    6000/TCP X11

    My firewall doesn't seem to want to interfere with these, so I'm trying to find the services.

    Any ideas, guys?

  2. #2
    Senior Member
    Join Date
    Jan 2003
    111 is being started by your portmap service. You can kill that and you'll see the port close.
    139 -- Check to see if you have Samba running as it would normally open this port on a Linux box.

    6000 - This port is opened when you start XWindows. Close Xwindows and you'll see it disappear.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Check out this thread just a few spots down on the main page:
    I agree with HTRegz. Although you probably want to use Xwindows, and I don't think there is any harm in leaving that one opened. The others you should close. I use redhat, and if I go in the redhat menu under System Settings>Server Settings>Services, that is where I am able to disable services. Just make sure you know what you are disabling. You should see samba listed there, you can stop that. I don't know what the sun rpc is called on the list, you should PM Lansing_Banda since he just went through this process.

  4. #4
    Senior Member
    Join Date
    Nov 2003
    Thanks. That all works and has checked out. :-)
    There is a ghost in the machine, and he is my friend.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts