LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-08-2009, 01:34 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
nmap results


Any ideas what ipp, rndc, and ufsd are and whether they need to be open ports?

Code:
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-08-08 07:32 BST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1671 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
111/tcp  open  rpcbind
631/tcp  open  ipp
953/tcp  open  rndc
1008/tcp open  ufsd
3128/tcp open  squid-http
3306/tcp open  mysql
5555/tcp open  freeciv
 
Old 08-08-2009, 02:10 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
As you could have found very quickly on google, 631 is printing (the cups service in this case most likely)

953, rndc, is the Remote Name Daemon Control, part of bind.

as for ufsd, I'm actually not sure, most chat about this port seems to be about a worm, but if you run "netstat -plnt" as root you'll see what programs are listening to all of these ports, and will quickly fill in any blanks.
 
Old 08-09-2009, 05:16 AM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie View Post
As you could have found very quickly on google, 631 is printing (the cups service in this case most likely)

953, rndc, is the Remote Name Daemon Control, part of bind.

as for ufsd, I'm actually not sure, most chat about this port seems to be about a worm, but if you run "netstat -plnt" as root you'll see what programs are listening to all of these ports, and will quickly fill in any blanks.
I did look but the results were a bit hit and miss. Seems strange that a hosting company would leave open a port for printing?



Seems to give the following:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             Stat                                                                                                 e       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LIST                                                                                                 EN      26937/mysqld
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LIST                                                                                                 EN      2446/portmap
tcp        0      0 0.0.0.0:1008                0.0.0.0:*                   LIST                                                                                                 EN      11002/rpc.statd
tcp        0      0 0.0.0.0:5555                0.0.0.0:*                   LIST                                                                                                 EN      2889/httpd-matrixsa
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LIST                                                                                                 EN      26704/named
tcp        0      0 127.0.0.1:8087              0.0.0.0:*                   LIST                                                                                                 EN      17066/python
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LIST                                                                                                 EN      10858/cupsd
tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LIST                                                                                                 EN      27603/(squid)
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LIST                                                                                                 EN      26704/named
tcp        0      0 ::1:53                      :::*                        LIST                                                                                                 EN      26704/named
tcp        0      0 :::22                       :::*                        LIST                                                                                                 EN      10819/sshd
tcp        0      0 ::1:953                     :::*                        LIST                                                                                                 EN      26704/named
What is "named"?
I don't have port 631 open in my iptables file so not sure why it's there.

Last edited by qwertyjjj; 08-09-2009 at 05:23 AM.
 
Old 08-09-2009, 10:55 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
the port isn't "open" so much, just that there's cups running. You've only scanning your loopback interface, which is naturally not reachable from outside of the box.

Oh, and run that netstat command as root for more information in the output, sorry.
 
Old 08-09-2009, 11:01 AM   #5
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie View Post
the port isn't "open" so much, just that there's cups running. You've only scanning your loopback interface, which is naturally not reachable from outside of the box.

Oh, and run that netstat command as root for more information in the output, sorry.
Any ideas how to turn it off?
A google search brings a few dodgy options with error messages.
 
Old 08-09-2009, 11:12 AM   #6
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,977
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Quote:
Originally Posted by qwertyjjj View Post
What is "named"?
http://lmgtfy.com/?q=Linux+named
 
Old 08-09-2009, 06:52 PM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,357

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
If you don't need printing,

service cupds stop
chkconfig cupsd off


ufsd is file system http://www.paragon-software.com/ntfs/ufsd.html
 
Old 08-09-2009, 07:01 PM   #8
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by chrism01 View Post
If you don't need printing,

service cupds stop
chkconfig cupsd off


ufsd is file system http://www.paragon-software.com/ntfs/ufsd.html
those commands don;t work - unrecognized service.
I just killed the PID instead but won't it start up again?
 
Old 08-09-2009, 07:06 PM   #9
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by qwertyjjj View Post
those commands don;t work - unrecognized service.
I just killed the PID instead but won't it start up again?
aha - the service is cups even though the program is cupsd.
Lol why not just call them the same thing in the program variables
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Different nmap results Andriy Linux - Security 3 06-01-2006 08:22 AM
please help me,i m desperate.nmap results el3ctronic Linux - Security 4 03-01-2005 10:24 AM
nmap scan results juanb Linux - Security 5 11-16-2004 02:31 AM
nmap results djcomplex Linux - Software 3 03-20-2004 01:46 PM
nmap results richlawson Linux - Security 6 12-16-2003 03:26 PM


All times are GMT -5. The time now is 01:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration