LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   unknown port allways open :\ (http://www.linuxquestions.org/questions/slackware-14/unknown-port-allways-open-%5C-330838/)

mebae 06-06-2005 08:15 AM

unknown port allways open :\
 
Hi
I installed slackware on my box.. I disabled unneeded deamons and then i try to scan my ports i get this:
Code:

ee@buu:~$ nmap localhost

Starting nmap 3.81 ( ***** ) at 2005-06-06 15:44 EEST
Interesting ports on localhost (127.0.0.1):
(The 1661 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
966/tcp open  unknown

Nmap finished: 1 IP address (1 host up) scanned in 0.451 seconds
ee@buu:~$

before it was a 820 then with iptables I closed that port

Code:

/usr/sbin/iptables -A INPUT -p tcp -m tcp -i eth0 --dport 820 DROP
what can I do more?


sorry for my bad english
Thanks

bathory 06-06-2005 08:18 AM

Run:
Code:

fuser -v -n tcp 966
to find what service uses this port and stop it.

Regards

mebae 06-06-2005 08:27 AM

Code:

root@buu:/home/ee# fuser -v -n tcp 966
here: 966

                    USER        PID ACCESS COMMAND
966/tcp              root      3758 f....  inetd

:\ i have shared internet for another windows pc in my home..

so i can disable this service?

bathory 06-06-2005 08:44 AM

Take a look at /etc/inetd.conf to see what daemon is running through inetd and disable it. You can also run
Code:

/etc/rc.d/rc.inetd stop
to stop inetd.

mebae 06-06-2005 08:51 AM

THANK you all

it was http://oss.sgi.com/projects/fam/

michaelsanford 06-06-2005 03:50 PM

FAM is a file monitoring daemon : "FAM helps make GUI tools more usable by notifying them when the files they're interested in are created, modified, executed, and removed."

Why do you want to disable it?

Also, that's a nice iptables rule but it's useless because you're nmapping from localhost which bypasses the firewall (that -i eth0 specifies that the rule matches a packet coming in on eth0, but `nmap localhost` doesn't use eth0 it uses lo0, the loopback interface).

mebae 06-06-2005 04:01 PM

michaelsanford, thanks for explaint. Hm.. I formerly said what I have another windows box in my home. And then I try scan 10.0.0.1 (linux box) i get same result.

michaelsanford 06-06-2005 06:37 PM

That's ok too, I just thought I'd mention the loopback thing, because it can give misleading results. But testing from another machine is definitely a great way to test, and if you want it closed for whatever specific reason then iptables is a good way to do it.

Also, are you sure that FAM uses TCP and not UDP ? If you're unsure just add a second rule identical to the first except use -p udp and see if that helps.

Also, if you JUST recently portscanned then the connection might still be open between the windows box and your Linux box and new iptables rules apply only to new connections (unless you specify otherwise), so you might want to wait a little bit for the connection to close. Again I'm not too sure on the inner workings of FAM, I'm only mentioning this for information's sake.


All times are GMT -5. The time now is 09:56 PM.