How do I close ports

ksgill · 10-09-2003, 02:05 PM

nmap localhost gives me this:
Port State Service
22/tcp open ssh
25/tcp open smtp
111/tcp open sunrpc
505/tcp open mailbox-lm
631/tcp open ipp
6000/tcp open X11
I want to close certain ports, how do I go about doing that...

Crashed_Again · 10-09-2003, 02:09 PM

What ports do you want to close? Each port represents a different service which is shutdown in different ways.

Nimoy · 10-09-2003, 02:10 PM

This article on hardening your Linux box should have some nice pointers for you. (Bastille for instance - mentioned in the article helps closing down services "venerabilities")

http://www.linuxexposed.com/modules....&mode=&order=0

Hope this addressed your problem!

Nimoy · 10-09-2003, 02:12 PM

venerabilities :-)..... damn spellchecker!

trickykid · 10-09-2003, 02:13 PM

22 = openssh - disable ssh if you want to close this.
25 = smtp - might have sendmail running, disable if you want to close
111 = sunrpc - mainly for remote protocol requests, nfs, etc. disable from xinetd or inet.conf if you want to close.
505 = not sure what this is, could be a particular app your currently running.
631 = same as above
6000 = X - you can disable this broadcast by using the --no listen option when starting X.

Another option is to learn and setup iptables and the such to setup your own firewall, etc.

Genesee · 10-09-2003, 02:22 PM

Quote:

Originally posted by Nimoy
This article on hardening your Linux box should have some nice pointers for you. (Bastille for instance - mentioned in the article helps closing down services "venerabilities")

http://www.linuxexposed.com/modules....&mode=&order=0

nice article - thanks for posting link Nimoy

ksgill · 10-09-2003, 03:05 PM

thanks guys

Rick485 · 10-09-2003, 04:01 PM

I am no expert at this but have a few comments anyway. Red Hat 9 and many other distros come with an iptables firewall. With iptables it is possible to close a specific port to incoming traffic and yet leave it open to outgoing traffic if that is what you want to do. It is also possible to open a specific port on your network at home while closing it to other networks such as the internet.

I took a course last semmester where we each had to change iptables settings from the command line in Red Hat 7.3. We only spent 2 hours doing that. It was only an introduction to the subject. I need to read up on that before I try that on my Red Hat 9 system at home. For now I just have just been using the "Security Level Program" that is found in the system settings menu. I just chose "medium" security. I have not yet tried to control the ports in a more detailed custom way.

There are several web pages on the internet that will scan my computers ports for me and tell me if any ports are open to hackers on the Internet. One such web page is this:

http://grc.com

When you go to the web page click on "Shields Up." It will check your ports for you. The web page is mainly for Windows users but I assume what it is checking would be valid for Linux too.

If you have a network with a Cisco router in it (or something similar) it is also possible to use extended access control lists to control what ports are open to whom in a way that seems to be very similar to iptables.

michaelk · 10-09-2003, 07:42 PM

port 631 is what cups runs on. CUPS is the print server.

I assume that 505 mailbox-lm has something to do with mail but have no clue.

Rick485 · 10-09-2003, 09:06 PM

Below are two web pages that list most port numbers. Port 505 is not on the first list for some reason. On the first web page, if you click on the port number it will provide a little more info on what the port is normally used for. I am only familiar what what a few of the most common port numbers are used for.

http://www.iss.net/security_center/a...ts/default.htm
http://www.iana.org/assignments/port-numbers