nmaped myself (why so many ports open + how close ?)

qwijibow · 08-29-2003, 08:11 AM

Hey guys.
ima newbie to security, but my last post was moved by a mod to this forum, so i though i should post this here too.

i used nmap to get a list of open ports on my box and found...

Port State Service
22/tcp open ssh
25/tcp open smtp
111/tcp open sunrpc
631/tcp open ipp
6000/tcp open X11

i must admit that it does not make alot of sence to me, but if my memory servs me correctly....
port 22 is for remote logons,
port 25 is for a smtp mail server.

what are the other 3, i know what X11 is, but do i need that port open ? or is that for remote graphics ???

i am a home user, not wishing to run any servers, should i shutdown most of these open ports ? and if so, how do i do this. i doo not have a firewall (yet) but can i tell linux to simply stop 'listening' on these ports ?

thanxyou for any reply

ppuru · 08-29-2003, 09:03 AM

631 is for cups - printing
111 is portmap

You can safely stop portmap if you are not using NFS.

To turn off a service permanently you can

# chkconfig --level 2345 <service> off

You can close 6000 by

# startx --nolisten tcp

OR edit /etc/X11/?dm/?dm.conf

look for

StandardXServer=/usr/X11R6/bin/X

and add the option -nolisten tcp

Restart your X services.

You would be better off with a simple firewall than none. Also tcpwrappers (hosts.allow and hosts.deny) can help you.

joe_stevensen · 08-29-2003, 01:07 PM

A simple firewall script that has a defalt INPUT policy of DROP is all you really need. Then no one can reach you.

qwijibow · 08-31-2003, 06:50 AM

lol ive been using linux for a while now but im not upto the skill level needed for writing a firewall script, lol.

i telneted to my CUPS port, (just to see what happened)
and i got what loooked like html, so i connected to it through my web browser.

and got what looked like a huge user guide ???

since i dont use remote printing, can i shut down this port too ?

FaHaC · 08-31-2003, 11:38 AM

Write a simple firewall with regules that block those ports

e.x:

iptables -A INPUT -p tcp --dport 515 -j DROP
^^ for printer port

greetz FaHaC

ppuru · 08-31-2003, 10:52 PM

About ipp (InternetPrinting Protocol - port 631), you can edit /etc/cups/cupsd.conf.

Towards the bottom of the file, you can check how access to port 631 is restricted. The default configuration is to allow connections to port631 only from 127.0.0.1.

So, if you do a telnet 127.0.0.1 631, you will get the administration webpage. If you try your local ip, say telnet 192.168.0.2 631, you will get a denied message.

BTW if you turn off cupsd (service cups stop), you will not be able to print... someone correct me if I am wrong.

mdtex · 09-01-2003, 08:37 AM

If you are not running a smtp server, you can turn off smtp.

qwijibow · 09-01-2003, 08:43 AM

thanX.

ive taken some advice and got a firewall up (still learing how to use it) but thats the topic of a different post.

when i choose print, i get the option to print to file, /dev/lp0 my printer or cups.

u usually select lp0 cos it seems to print faster than cups.

so assume, this is an alternate method. ohh well.

but thakyou for your reply.

i have close the un-neccesery ports now.
thankyou for your help. this thread is now dead.