Closing port 1723 "pptp service" in linux
Can anyone help me to close that port 1723? I don't understand any security issues. Here's the result of nmapping my IP .. (I use a one-port router with NAT settings, I don't use a firewall)
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 03:08 EET
Interesting ports on SpeedTouch.lan (MY IP):
(The 1655 ports scanned but not shown below are in state: closed)
21/tcp open ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp filtered http
113/tcp filtered auth
1723/tcp open pptp
5631/tcp filtered pcanywheredata
5632/tcp filtered pcanywherestat
The only port which is not covered by NAT is 1723, how to close it ?!!
Do you want to keep whatever service is listening on port 1723 running and simply firewall it so that it isn't accessible remotely, or do you want to turn off whatever service is running? Either way, run netstat -pant and post the output.
Thanks for replying..
Here's the output of netstat -pant Code:
Active Internet connections (servers and established)
I don't see anything listening on port 1723 in the netstat output. Which IP are you scanning, your remote external IP, the internal IP of your router, or something else?
The PPTP protocol functions by having clients establish a control channel on TCP port 1723 and then setting up a GRE-over-IP tunneled PPP session. So I think somehow you're scanning the router and seeing the daemon listening for the incoming control channel connections. You might want to check into your router/modem and make sure any GRE/VPN passthrough functions are disabled. But it might help if you clarify what IP (you don't need to give the specific IP, but an answer like my external IP or my router's internal IP might make things a little more clear).
Sorry cuz I dunno which IP you mentioned, here is the result of scanning all of the IPs I know: here are the results of scanning my internal (10.0.0.1) IP (only one PC connected to the router): Code:
Interesting ports on 10.0.0.1: Code:
Interesting ports on SpeedTouch.lan (10.0.0.138): Code:
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-11 03:36 EET
busy in exams now. thx for care
Ok, it's definitely your router and not the Linux box. You should try scanning your external IP from outside the network to make sure that this isn't an artifact caused by scanning from the LAN side (often LAN side traffic is firewalled differently than WAN). If you don't have any other systems outside the LAN, then try using one of the free online scans available through www.grc.com or http://scan.sygatetech.com/ . If you still see port 1723 open, then check your router settings and make sure that the VPN settings are turned off.
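The check the replies above walk through (compare the ports nmap reports open with what netstat -pant shows listening on the Linux box), as an added example that is not part of the original thread. The sample nmap and netstat text is constructed, and the function names are hypothetical.

```python
import re

# Constructed samples; the thread's real scan and netstat output are truncated.
NMAP_SAMPLE = """\
Interesting ports on SpeedTouch.lan (192.0.2.10):
(The 1655 ports scanned but not shown below are in state: closed)
21/tcp   open     ftp
22/tcp   filtered ssh
1723/tcp open     pptp
"""
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:21         0.0.0.0:*          LISTEN      812/vsftpd
tcp        0      0 127.0.0.1:631      0.0.0.0:*          LISTEN      640/cupsd
tcp        0      0 10.0.0.1:33012     192.0.2.80:80      ESTABLISHED 1501/firefox
"""

def open_ports(nmap_text):
    """Return {port: service} for TCP ports nmap reports as open."""
    pat = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)", re.M)
    return {int(port): svc for port, svc in pat.findall(nmap_text)}

def local_listeners(netstat_text):
    """Return {port: (bind_addr, program)} for network-reachable LISTEN sockets."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only sockets cannot be what a remote scan sees
        found[int(port)] = (addr, f[6] if len(f) > 6 else "-")
    return found

def attribute(nmap_text, netstat_text):
    """Map each open scanned port to the local daemon or to the router/modem."""
    listeners = local_listeners(netstat_text)
    verdict = {}
    for port in sorted(open_ports(nmap_text)):
        if port in listeners:
            addr, prog = listeners[port]
            verdict[port] = f"local: {prog} on {addr}"
        else:
            verdict[port] = "not local: check router/modem"
    return verdict

if __name__ == "__main__":
    for port, who in attribute(NMAP_SAMPLE, NETSTAT_SAMPLE).items():
        print(port, who)
```

A port attributed to the router/modem here still needs the outside-the-LAN scan described above before concluding it is exposed on the WAN side.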
Thanks a lot for ur suggestions, I'll do it now...
Yeah sir, after doing the stealth scan from http://scan.segatech.com, this port "1723" is not found in the open ports...
The only open port found was "113", the website says it's for irc ... so I don't think a problem exists here..