What do you mean by
Quote:
Originally Posted by bruse
I do not know how to use those ports effectively.
|
On each open port, there is a program listening to requests. Such a program is often called a daemon or a service.
Most of the standard services are harmless, but opening a port, for instance to the internet, that means that the server that is listening on that port can be "attacked". So, for system security, you should only open the ports you are actually going to use.
For instance, your ports 21 and 22, respectively used by the FTP service and the Ssh service, can be attacked from outside (if your those servers contain bugs/security holes).
If you don't really use either of them, then you should make sure that the port is closed.
The bottom line is, you need to know what kind of network services (like web service, ftp service, etc) you want to have hosted by your system. For instance, if you were installing a web server, then you'll need to keep port 80 (http) open. Other ports, should then be closed as much as possible. But if you want to login on that web server using ssh to update your websites, then you'll need to open up port 22 too. And so on...
Another rule sais that any ports with numbers <1024 are "privileged". These ports may only be used by a certain service (for instance, port 80 is always for web servers/HTTP protocol) and only "root" is allowed to allocate the ports. So if you have a server that needs to listen to those ports, it'll need to run under the "root" user, at least until it has allocated the port. After that, most contemporary servers switch to a different, non-root user for security.
Any ports > 1024 are most likely opened by packages you've installed yourself. For instance, if you install a MySql database, it'll create a daemon program, mysqld, that listens to a port somewhere between 3000 and 4000 (I forgot which port exactly). But any program can allocate ports > 1024.
I'll quickly run over the list that you've provided and show you a few examples of the servers that may be running. But then again, I'm no network expert.
21/tcp open ftp - FTP daemon is running, ie vsftpd, wuftpd
22/tcp open ssh - SSH daemon is running, sshd or Open SSH
23/tcp open telnet - telnet daemon is running. This should be avoided, as telnet is insecure. You should rely on ssh for secure remote logins instead.
25/tcp open smtp - A mail server, like sendmail or postfix, is running.
79/tcp open finger - Some people disable this one, too. I'm not sure why.
111/tcp open rpcbind - This is for Remote Procedure Calls (RPC)
513/tcp open login - Keep this one open for logins.
514/tcp open shell
515/tcp open printer - Printer service
540/tcp open uucp - I believe UUCP has something to do with News feeds, but I'm unsure.
6002/tcp open X11:1 - X11 is for your graphical environment. Keep it open.
6003/tcp open X11:2
6017/tcp open xmail-ctrl - can be dangerous, not sure though.
6050/tcp open arcserve - Probably some program like Arc Server (GIS) or something.
6112/tcp open dtspc - ??
Of course it won't work, unless "anyport" is an alias for some number. URLs are always formed like this:
proto://host[.domain]
ortnumber
where
proto = network protocol to use, ie HTTP, FTP, ...
host = name of the host
[.domain] = optional domain of the host (only required if it's not the domain that your host belongs to)
portnumber = numerical port number, ie 80 for the HTTP port. Web browsers assume ":80" at the end if you didn't supply a port number.