LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 11-29-2005, 02:26 AM   #1
vangelis
Member
 
Registered: Nov 2004
Location: Hellas
Distribution: Zenwalk 6.4
Posts: 337
Blog Entries: 4

Rep: Reputation: 30
Are my open ports vulnerable to attacks?


I was reading an o'reillys book concerning linux when I found the command "lsof -i", in which I found some interest stuff and tried to scan my ip (not localhost ofcourse) with nmap.

It gave me this >

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-28 20:19
EET
Interesting ports on *.ath.spark.net.gr (195.*.*.*):
(The 65530 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
765/tcp open webster
2049/tcp open nfs
32768/tcp open unknown

Nmap finished: 1 IP address (1 host up) scanned in 9.183 seconds

I would like to ask, since I am not a network guru(or a guru of anything) what are these open ports and if I am vulnerable to anything.

Actually I don't know what is ipp and webster.
As for nfs, since it concerns local network why is that open to the internet?I think I should do something about it.

And last open port unkown I think it's lime-wire, but I didn't launch the application at all when I scanned my ports.(dammit commercial products)

Would appreciate any reply at all.
 
Old 11-29-2005, 04:06 AM   #2
sirkware
Member
 
Registered: Nov 2005
Location: Philippines
Distribution: Fedora Core 6 Test 1
Posts: 66

Rep: Reputation: 15
You can view /etc/services file to view all ports and the services they offer.
 
Old 11-29-2005, 04:54 AM   #3
vangelis
Member
 
Registered: Nov 2004
Location: Hellas
Distribution: Zenwalk 6.4
Posts: 337
Blog Entries: 4

Original Poster
Rep: Reputation: 30
I've already checked that and I feel kind lame for saying that, but it didn't have any helpful comments, I could just google it but I thought someone would post a one line description about these services.

Anyway I'll check it it when I get home
 
Old 11-29-2005, 05:14 AM   #4
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Re: Are my open ports vulnerable to attacks?

Quote:
Originally posted by vangelis

Actually I don't know what is ipp and webster.
As for nfs, since it concerns local network why is that open to the internet?I think I should do something about it.

Would appreciate any reply at all.
IPP is for internet printing protocol. Are you hosting any print server thru ipp or providing support for printing on this ip ?

Quote:
Originally posted by vangelis

And last open port unkown I think it's lime-wire, but I didn't launch the application at all when I scanned my ports.(dammit commercial products)
Go to /etc/services & comment out the ports & services you wish to block.

Otherwise USE ipatbles for blocking the unauthorised acccess to these ports.
 
Old 11-29-2005, 07:09 AM   #5
vangelis
Member
 
Registered: Nov 2004
Location: Hellas
Distribution: Zenwalk 6.4
Posts: 337
Blog Entries: 4

Original Poster
Rep: Reputation: 30
Thank you very much for the reply amitsharma_26.
I didn't knew that I could #comment the ports on /etc/services and I was searching through /etc/rc.d/ to stop it on boot but suse really is hard to configure from the console(I really start to lean in slack).
As for ipp no. So I should really stop this service.

Thanks again
 
Old 11-29-2005, 07:11 AM   #6
wlan_security
LQ Newbie
 
Registered: Nov 2005
Location: in the core.
Distribution: suse 9.3, 10.0 laptop
Posts: 8

Rep: Reputation: 0
tripwire, rkhunter and you will learn to hijack this!

Send your server-Ip to some hackers and you know !

 
Old 11-29-2005, 07:54 AM   #7
michaelk
Moderator
 
Registered: Aug 2002
Posts: 11,805

Rep: Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721
Port 631 is used by CUPS and is the printing service. So if you do not print anything from linux then you can turn it off.

/etc/services is a file used by xinetd. AFAIK commenting out lines in this file will not block ports or services.
 
Old 11-29-2005, 08:03 AM   #8
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
/etc/services is used by C functions getservbyname/getservbyport to translate numerical port number into text (23<->telnet)
So editing this file does not block any port.

Are you using nfs (network file server for sharing disks over network)? if not, disable it as well as portmap (111)
There used to be some security problems with portmap.

As stated, rkhunter, tripwire, samhain can be useful.

Last edited by nx5000; 11-29-2005 at 08:04 AM.
 
Old 11-29-2005, 08:40 AM   #9
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Quote:
Originally posted by michaelk
Port 631 is used by CUPS and is the printing service. So if you do not print anything from linux then you can turn it off.

/etc/services is a file used by xinetd. AFAIK commenting out lines in this file will not block ports or services.
@ michelk ... Yes you are correct there.

@vangelis
Quote:
service --status-all |grep running
will list all the services running...

After tht you can cross-check & close the services which are not usefull for your working scenario or which are vulnerable.

Quote:
service <service-name> stop
&
Quote:
chkconfig --level <run-level-nos> <service-name> off
So that the services will be remain closed after the reboot.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot Open Mail Server Ports 25, 110, and 220. Other Ports will open. Binxter Linux - Newbie 9 11-29-2007 02:03 AM
open ports on linksys, i have ssh open but thats it PlatinumRik Linux - Security 1 07-07-2005 10:38 AM
open ports azeem81 Linux - Security 1 05-16-2004 06:20 AM
how to open ports? embsupafly Linux - Networking 11 10-29-2003 10:44 AM
OPen ports Stephanie Linux - General 1 08-17-2001 10:24 PM


All times are GMT -5. The time now is 08:46 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration