Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Or, if you have a GUI installed, go under admin tools and check out the firewall settings.
So I unchecked everything except ssh. Now when I scan all possible TCP ports, I get:
Code:
nmap -sT -p- localhost
Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-08 14:04 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 65532 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
2208/tcp  open  unknown
33690/tcp open  unknown
How do I tell what on earth is running on 2208 and 33690?
Thank you.
maybe try with something like:
Code:
netstat -pantu
BTW, keep in mind that you probably want to nmap from a separate machine on your LAN/WAN instead of from localhost to get a realistic/practical result... also, check your local firewall with a:
One thing I'll want to do is to do a quick check of what services I'm running and close them all off. So you do: chkconfig --list and see what all is on run level 3 or 5 and shut what you don't need using chkconfig servicename off. The reason I'm saying this is that quite often there will be services which you don't even know exist but which have opened up ports on your system. If you have turned off everything you don't need and these ports are still open, you might want to telnet to them and see if they reveal anything in their banners (they probably won't). If still no luck... you might want to configure iptables and set up rules allowing only what you want or explicitly blocking what you do not want (this is painful though).
Also, like Win32sux mentioned, you'd want to run Nmap off another system to truly understand what another person can see.
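The lookup behind `netstat -p` on Linux, as an added example that is not from any poster in this thread: it decodes the LISTEN entries in `/proc/net/tcp` and matches each socket inode to a process through `/proc/<pid>/fd`, also showing whether a port is bound to loopback only. The sample table, inodes and function names are constructed for illustration; it assumes IPv4 and a little-endian host.

```python
import os
import re
import socket

# Constructed sample in /proc/net/tcp format (not from the poster's machine).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:08A0 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:839A 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0016 0100007F:C001 01 00000000:00000000 00:00000000 00000000     0        0 44444 1 0000000000000000 100 0 0 10 0
"""

def listening_sockets(text):
    """Return (bind_ip, port, inode) for every socket in LISTEN state (st == 0A)."""
    out = []
    for f in map(str.split, text.splitlines()):
        if len(f) >= 10 and f[3] == "0A":  # header and non-listening rows are skipped
            hexip, hexport = f[1].split(":")
            ip = socket.inet_ntoa(bytes.fromhex(hexip)[::-1])  # little-endian host assumed
            out.append((ip, int(hexport, 16), int(f[9])))
    return out

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, command) via /proc/<pid>/fd links (root sees all users)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                name = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = (int(pid), name)
        except OSError:  # process exited, or its fd directory is not readable by us
            continue
    return owners

def report(text, owners):
    rows = []
    for ip, port, inode in listening_sockets(text):
        pid, name = owners.get(inode, (None, "unknown (not root?)"))
        scope = "loopback only" if ip.startswith("127.") else "network-facing"
        rows.append((port, ip, scope, pid, name))
    return sorted(rows, key=lambda r: r[:2])

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    text = open("/proc/net/tcp").read() if live else SAMPLE_PROC_NET_TCP
    print(*report(text, socket_owners() if live else {}), sep="\n")
```

A listener reported as loopback only will show up in a scan of localhost but not in a scan run from another machine, which is why the two scans can disagree.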