nmap results

qwertyjjj · 08-08-2009, 01:34 AM

Any ideas what ipp, rndc, and ufsd are and whether they need to be open ports?

Code:

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-08-08 07:32 BST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1671 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
111/tcp  open  rpcbind
631/tcp  open  ipp
953/tcp  open  rndc
1008/tcp open  ufsd
3128/tcp open  squid-http
3306/tcp open  mysql
5555/tcp open  freeciv

acid_kewpie · 08-08-2009, 02:10 AM

As you could have found very quickly on google, 631 is printing (the cups service in this case most likely)

953, rndc, is the Remote Name Daemon Control, part of bind.

as for ufsd, I'm actually not sure, most chat about this port seems to be about a worm, but if you run "netstat -plnt" as root you'll see what programs are listening to all of these ports, and will quickly fill in any blanks.

qwertyjjj · 08-09-2009, 05:16 AM

Quote:

Originally Posted by acid_kewpie

As you could have found very quickly on google, 631 is printing (the cups service in this case most likely)

953, rndc, is the Remote Name Daemon Control, part of bind.

as for ufsd, I'm actually not sure, most chat about this port seems to be about a worm, but if you run "netstat -plnt" as root you'll see what programs are listening to all of these ports, and will quickly fill in any blanks.

I did look but the results were a bit hit and miss. Seems strange that a hosting company would leave open a port for printing?

Seems to give the following:

Code:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             Stat                                                                                                 e       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LIST                                                                                                 EN      26937/mysqld
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LIST                                                                                                 EN      2446/portmap
tcp        0      0 0.0.0.0:1008                0.0.0.0:*                   LIST                                                                                                 EN      11002/rpc.statd
tcp        0      0 0.0.0.0:5555                0.0.0.0:*                   LIST                                                                                                 EN      2889/httpd-matrixsa
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LIST                                                                                                 EN      26704/named
tcp        0      0 127.0.0.1:8087              0.0.0.0:*                   LIST                                                                                                 EN      17066/python
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LIST                                                                                                 EN      10858/cupsd
tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LIST                                                                                                 EN      27603/(squid)
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LIST                                                                                                 EN      26704/named
tcp        0      0 ::1:53                      :::*                        LIST                                                                                                 EN      26704/named
tcp        0      0 :::22                       :::*                        LIST                                                                                                 EN      10819/sshd
tcp        0      0 ::1:953                     :::*                        LIST                                                                                                 EN      26704/named

What is "named"?
I don't have port 631 open in my iptables file so not sure why it's there.

acid_kewpie · 08-09-2009, 10:55 AM

the port isn't "open" so much, just that there's cups running. You've only scanning your loopback interface, which is naturally not reachable from outside of the box.

Oh, and run that netstat command as root for more information in the output, sorry.

qwertyjjj · 08-09-2009, 11:01 AM

Quote:

Originally Posted by acid_kewpie

the port isn't "open" so much, just that there's cups running. You've only scanning your loopback interface, which is naturally not reachable from outside of the box.

Oh, and run that netstat command as root for more information in the output, sorry.

Any ideas how to turn it off?
A google search brings a few dodgy options with error messages.

custangro · 08-09-2009, 11:12 AM

Quote:

Originally Posted by qwertyjjj

What is "named"?

http://lmgtfy.com/?q=Linux+named

chrism01 · 08-09-2009, 06:52 PM

If you don't need printing,

service cupds stop
chkconfig cupsd off

ufsd is file system http://www.paragon-software.com/ntfs/ufsd.html

qwertyjjj · 08-09-2009, 07:01 PM

Quote:

Originally Posted by chrism01

If you don't need printing,

service cupds stop
chkconfig cupsd off

ufsd is file system http://www.paragon-software.com/ntfs/ufsd.html

those commands don;t work - unrecognized service.
I just killed the PID instead but won't it start up again?

qwertyjjj · 08-09-2009, 07:06 PM

Quote:

Originally Posted by qwertyjjj

those commands don;t work - unrecognized service.
I just killed the PID instead but won't it start up again?

aha - the service is cups even though the program is cupsd.
Lol why not just call them the same thing in the program variables