Are my open ports vulnerable to attacks?
 

I was reading an o'reillys book concerning linux when I found the command "lsof -i", in which I found some interest stuff and tried to scan my ip (not localhost ofcourse) with nmap.

It gave me this >

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-28 20:19
EET
Interesting ports on *.ath.spark.net.gr (195.*.*.*):
(The 65530 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
765/tcp open webster
2049/tcp open nfs
32768/tcp open unknown

Nmap finished: 1 IP address (1 host up) scanned in 9.183 seconds

I would like to ask, since I am not a network guru(or a guru of anything) what are these open ports and if I am vulnerable to anything.

Actually I don't know what is ipp and webster.
As for nfs, since it concerns local network why is that open to the internet?I think I should do something about it.

And last open port unkown I think it's lime-wire, but I didn't launch the application at all when I scanned my ports.(dammit commercial products)

Would appreciate any reply at all.

You can view /etc/services file to view all ports and the services they offer.

I've already checked that and I feel kind lame for saying that, but it didn't have any helpful comments, I could just google it but I thought someone would post a one line description about these services.

Anyway I'll check it it when I get home

Re: Are my open ports vulnerable to attacks?
 

IPP is for internet printing protocol. Are you hosting any print server thru ipp or providing support for printing on this ip ?

Go to /etc/services & comment out the ports & services you wish to block.

Otherwise USE ipatbles for blocking the unauthorised acccess to these ports.

Thank you very much for the reply amitsharma_26.
I didn't knew that I could #comment the ports on /etc/services and I was searching through /etc/rc.d/ to stop it on boot but suse really is hard to configure from the console(I really start to lean in slack).
As for ipp no. So I should really stop this service.

Thanks again

tripwire, rkhunter and you will learn to hijack this!

Send your server-Ip to some hackers and you know !

:scratch:

Port 631 is used by CUPS and is the printing service. So if you do not print anything from linux then you can turn it off.

/etc/services is a file used by xinetd. AFAIK commenting out lines in this file will not block ports or services.

/etc/services is used by C functions getservbyname/getservbyport to translate numerical port number into text (23<->telnet)
So editing this file does not block any port.

Are you using nfs (network file server for sharing disks over network)? if not, disable it as well as portmap (111)
There used to be some security problems with portmap.

As stated, rkhunter, tripwire, samhain can be useful.

@ michelk ... Yes you are correct there.

@vangelis
will list all the services running...

After tht you can cross-check & close the services which are not usefull for your working scenario or which are vulnerable.

&
So that the services will be remain closed after the reboot.