LinuxQuestions.org
Old 06-11-2005, 09:16 PM   #1
buddhahat
Member
 
Registered: Sep 2003
Distribution: Slackware 10, FreeBSD 6.2, Ubuntu 7.04
Posts: 60

Rep: Reputation: 15
Which of these ports can I close?


I have a Slackware 10.0 box with kernel 2.4.26. Its primary function is a code repository (Subversion) and file server (Samba). The server is administered remotely via ssh.

Could someone tell me what is running on ports 25, 37 and 113 and if I need to keep these open/active? If not how would I go about closing them?

Here is the output from nmap:

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
37/tcp open time
113/tcp open auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
587/tcp open submission

Thanks in advance for your assistance.
 
Old 06-11-2005, 10:45 PM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
You should be able to close
25/tcp open smtp
37/tcp open time (assuming you don't sync your time to a network)
139/tcp open netbios-ssn (Unless you're using a Win 9x box that uses netbios)
<edit> Maybe samba implements netbios? You may have to leave 139 open.</edit>

Not sure on the others

Last edited by musicman_ace; 06-11-2005 at 10:46 PM.
 
Old 06-12-2005, 05:46 AM   #3
mcd
Member
 
Registered: Aug 2003
Location: Boulder, CO
Distribution: Slackware, RHEL, CentOS
Posts: 825

Rep: Reputation: 33
you can check them against /etc/services:

cat /etc/services | grep -w 139
netbios-ssn 139/tcp #NETBIOS Session Service
netbios-ssn 139/udp #NETBIOS Session Service
 
Old 06-12-2005, 08:20 AM   #4
buddhahat
Member
 
Registered: Sep 2003
Distribution: Slackware 10, FreeBSD 6.2, Ubuntu 7.04
Posts: 60

Original Poster
Rep: Reputation: 15
Thank you for the help.

I need to keep 139 open for Samba (it's opened by the smbd daemon). I would like to close 25 and 37, but how do I go about doing it?

Does anyone know what this is:
auth 113/tcp ident tap #Authentication Service
auth 113/udp ident tap #Authentication Service

Thanks again.
 
Old 06-12-2005, 09:09 AM   #5
Imanerd
Member
 
Registered: Dec 2004
Location: Bay Area, California
Distribution: Fedora Core 3
Posts: 65

Rep: Reputation: 15
Port 113 info
 
Old 06-12-2005, 05:14 PM   #6
mcd
Member
 
Registered: Aug 2003
Location: Boulder, CO
Distribution: Slackware, RHEL, CentOS
Posts: 825

Rep: Reputation: 33
well, there are two steps i would take. if those ports are open you may be running those services. port 25 is sendmail, and if you're not running a mail server then you want to prevent it from starting up. all your startup scripts are in /etc/rc.d/ so you should remove execute permission like this:

Code:
/etc/rc.d/rc.sendmail stop
chmod -x /etc/rc.d/rc.sendmail
i believe port 37 (time) is part of identd. you should go into /etc/inetd.conf and comment out lines 22-23 (if my notes are correct) before restarting the service

Code:
/etc/rc.d/rc.inet1 restart
(and again for inet2 since i don't know which one is affected).

second, i would make sure you have some sort of firewall enabled, and that you set up your policies to drop all incoming packets EXCEPT the ones you need open. a quick search on iptables should give you enough to get started.

Last edited by mcd; 06-12-2005 at 05:20 PM.
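
The inetd.conf step from post #6, as an added example that is not part of the original thread: instead of relying on line numbers, it looks up each scanned port's service name in a services file and comments out the matching inetd.conf entries in a working copy. The file contents are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. File contents are constructed samples, not the poster's server.
# Service name registered for a TCP port in a services(5)-format file.
port_to_service() {       # usage: port_to_service PORT SERVICES_FILE
    awk -v p="$1/tcp" '$1 !~ /^#/ && $2 == p { print $1; exit }' "$2"
}

# Active (uncommented) inetd.conf entries whose first field is SERVICE.
active_inetd_lines() {    # usage: active_inetd_lines SERVICE INETD_CONF
    awk -v s="$1" '$1 == s' "$2"
}

# Copy of INETD_CONF on stdout with every active SERVICE entry commented out.
disable_inetd_service() { # usage: disable_inetd_service SERVICE INETD_CONF
    awk -v s="$1" '$1 == s { print "#" $0; next } { print }' "$2"
}

# Write the constructed sample files into directory $1.
make_samples() {
    cat > "$1/services" <<'EOF'
time        37/tcp   timserver
auth        113/tcp  ident tap   #Authentication Service
netbios-ssn 139/tcp              #NETBIOS Session Service
EOF
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample, modeled on common inetd.conf entries
time  stream  tcp  nowait  root  internal
time  dgram   udp  wait    root  internal
auth  stream  tcp  wait    root  /usr/sbin/in.identd  in.identd
#ftp  stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
EOF
}

# Demo: report and disable the inetd entries behind three ports from the scan.
demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    cp "$dir/inetd.conf" "$dir/inetd.conf.new"
    for port in 37 113 139; do
        svc=$(port_to_service "$port" "$dir/services")
        n=$(active_inetd_lines "$svc" "$dir/inetd.conf.new" | wc -l)
        echo "port $port = $svc: $n active inetd entries"
        disable_inetd_service "$svc" "$dir/inetd.conf.new" > "$dir/tmp" &&
            mv "$dir/tmp" "$dir/inetd.conf.new"
    done
    diff "$dir/inetd.conf" "$dir/inetd.conf.new" || true  # review before installing
    rm -rf "$dir"
}
demo
```

A port that reports 0 active entries (139 in the sample) is not started from inetd.conf, so it has to be handled through whatever starts that daemon instead.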
 
Old 06-13-2005, 07:40 AM   #7
buddhahat
Member
 
Registered: Sep 2003
Distribution: Slackware 10, FreeBSD 6.2, Ubuntu 7.04
Posts: 60

Original Poster
Rep: Reputation: 15
Thanks for the help. It's really appreciated.
 
  


All times are GMT -5.