LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-08-2006, 09:31 PM   #1
bugmenot60
Member
 
Registered: Mar 2006
Posts: 47

Rep: Reputation: 15
Open ports


I did a scan against myself and found:

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
674/tcp open acap
6000/tcp open X11

I don't mind having port 22 open, but I don't see the need for the
other ports. How do I turn all that crap off? Is any of it necessary?

I am running FC6 x86_64.

Thank you.
 
Old 12-09-2006, 01:01 AM   #2
Galaxy_Stranger
Member
 
Registered: Oct 2003
Distribution: CentOS 6 and Fedora
Posts: 252

Rep: Reputation: 36
Check out IPTABLES.

Or, if you have a GUI installed, go under admin tools and check out the firewall settings.
 
Old 12-09-2006, 01:07 AM   #3
bugmenot60
Member
 
Registered: Mar 2006
Posts: 47

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Galaxy_Stranger
Check out IPTABLES.

Or, if you have a GUI installed, go under admin tools and check out the firewall settings.

So I unchecked everything except ssh. Now when I scan all possible TCP ports, I get:

nmap -sT -p- localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-08 14:04 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
2208/tcp open unknown
33690/tcp open unknown


How do I tell what on earth is running on 2208 and 33690?

Thank you.
 
Old 12-09-2006, 07:55 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by bugmenot60
So I unchecked everything except ssh. Now when I scan all possible TCP ports, I get:

nmap -sT -p- localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-08 14:04 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
2208/tcp open unknown
33690/tcp open unknown


How do I tell what on earth is running on 2208 and 33690?

Thank you.
maybe try with something like:
Code:
netstat -pantu
BTW, keep in mind that you probably want to nmap from a separate machine on your LAN/WAN instead of from localhost to get a realistic/practical result... also, check your local firewall with a:
Code:
iptables -L -v -n
 
Old 12-10-2006, 07:50 AM   #5
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
One thing I'll want to do is to do a quick check of what services I'm running and close them all off. So you do: chkconfig --list and see what all is on run level 3 or 5 and shut what you dont need using chkconfig servicename off. The reason I'm saying this is that quite often there will be services which you dont even know exist but which have opened up ports on your system. If you have turned off everything you dont need and these ports are still open you might want to telnet to them and see if they reveal anything in their banners(they probably wont). If still no luck... you might want to configure iptables and setup rules allowing only what you want or explicitly blocking what you don not want(this is painful though).

Also like Win32sux mentioned you'd want to run Nmap off another system to truly understand what another person can see.

Cheers
Arvind
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot Open Mail Server Ports 25, 110, and 220. Other Ports will open. Binxter Linux - Newbie 9 11-29-2007 02:03 AM
open ports on linksys, i have ssh open but thats it PlatinumRik Linux - Security 1 07-07-2005 10:38 AM
Ports have to be open? Daiba Linux - Newbie 3 01-29-2004 08:39 AM
Open Ports? cli_man Linux - Security 3 04-23-2003 10:05 AM
Open Ports NSKL Slackware 8 06-04-2002 11:22 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration