netstat interpretation
Hi, I have a netstat -a report from my server.
I know the ssh, and it's needed. But what about sunrpc? I just want to set up a lamp server so I don't need nfs. Is it safe to turn it off? Also what's auth? Sorry for the plethora of questions. I'm holding on to my Linux Bible 2005 and praying for protection from internet daemons :jawa:
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:auth                  *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 *:40831                 *:*                     LISTEN
tcp6       0      0 *:ssh                   *:*                     LISTEN
tcp6       0    784 #servername:ssh         #myip:1822              ESTABLISHED
udp        0      0 *:32768                 *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:628                   *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    3163   @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     5416   /var/run/acpid.socket
unix  6      [ ]         DGRAM                    5329   /dev/log
unix  2      [ ]         DGRAM                    5817
unix  2      [ ]         DGRAM                    5710
unix  2      [ ]         DGRAM                    5546
unix  2      [ ]         DGRAM                    5344
-------
My favorite websites: Buy and sell class notes, old exams, papers, lab reports, admission essays. Ask and answer Linux questions. Read free books without walking to the library.
Try netstat with the options: -ltup (listening only, tcp, udp, display program name). Also look at the -n option.
That should be a little easier to interpret. To get more info about the registered service ports: Code:
# egrep 'sunrpc|^auth' /etc/services
netstat -ltup
I have Craig's portsentry software that blocks portscanners. Other than that, I also have ssh. It's strange, I thought ssh works in port 22, but it appears here as tcp6 2070 :confused: Then, there's the sunrpc. I'm strictly hosting a lamp server, so what would be a good way of disabling sunrpc service?
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:tcpmux                *:*                     LISTEN      2828/portsentry
tcp        0      0 *:20034                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:32771                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:32772                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:40421                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:32773                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:32774                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:31337                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:ircd                  *:*                     LISTEN      2828/portsentry
tcp        0      0 *:systat                *:*                     LISTEN      2828/portsentry
tcp        0      0 *:5742                  *:*                     LISTEN      2828/portsentry
tcp        0      0 *:imap2                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:finger                *:*                     LISTEN      2828/portsentry
tcp        0      0 *:netstat               *:*                     LISTEN      2828/portsentry
tcp        0      0 *:sunrpc                *:*                     LISTEN      1781/portmap
tcp        0      0 *:54320                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:sieve                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:27665                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:auth                  *:*                     LISTEN      2125/inetd
tcp        0      0 *:ingreslock            *:*                     LISTEN      2828/portsentry
tcp        0      0 *:nntp                  *:*                     LISTEN      2828/portsentry
tcp        0      0 *:socks                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:12345                 *:*                     LISTEN      2828/portsentry
tcp        0      0 localhost:smtp          *:*                     LISTEN      2113/exim4
tcp        0      0 *:12346                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:635                   *:*                     LISTEN      2828/portsentry
tcp        0      0 *:49724                 *:*                     LISTEN      2828/portsentry
tcp        0      0 *:uucp                  *:*                     LISTEN      2828/portsentry
tcp        0      0 *:40831                 *:*                     LISTEN      2148/rpc.statd
tcp6       0      0 *:ssh                   *:*                     LISTEN      2070/dropbear
udp        0      0 *:640                   *:*                                 2832/portsentry
udp        0      0 *:32768                 *:*                                 2148/rpc.statd
udp        0      0 *:641                   *:*                                 2832/portsentry
udp        0      0 *:who                   *:*                                 2832/portsentry
udp        0      0 *:1                     *:*                                 2832/portsentry
udp        0      0 *:32770                 *:*                                 2832/portsentry
udp        0      0 *:32771                 *:*                                 2832/portsentry
udp        0      0 *:32772                 *:*                                 2832/portsentry
udp        0      0 *:32773                 *:*                                 2832/portsentry
udp        0      0 *:32774                 *:*                                 2832/portsentry
udp        0      0 *:echo                  *:*                                 2832/portsentry
udp        0      0 *:discard               *:*                                 2832/portsentry
udp        0      0 *:snmp                  *:*                                 2832/portsentry
udp        0      0 *:snmp-trap             *:*                                 2832/portsentry
udp        0      0 *:54321                 *:*                                 2832/portsentry
udp        0      0 *:700                   *:*                                 2832/portsentry
udp        0      0 *:37444                 *:*                                 2832/portsentry
udp        0      0 *:tftp                  *:*                                 2832/portsentry
udp        0      0 *:31335                 *:*                                 2832/portsentry
udp        0      0 *:31337                 *:*                                 2832/portsentry
udp        0      0 *:sunrpc                *:*                                 1781/portmap
udp        0      0 *:628                   *:*                                 2148/rpc.statd
udp        0      0 *:34555                 *:*                                 2832/portsentry
udp        0      0 *:635                   *:*                                 2832/portsentry
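An added example, not part of any post in this thread: a shell function that groups `netstat -ltup` listeners by owning program and by loopback versus all-interface binding, so the many ports held by one program collapse into a single line and the remaining services are easy to review. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: group `netstat -ltup` listeners by owning program.

# Constructed sample in the layout of `netstat -ltup` (not real host data).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 *:tcpmux        *:*             LISTEN 2828/portsentry
tcp        0      0 *:31337         *:*             LISTEN 2828/portsentry
tcp        0      0 *:sunrpc        *:*             LISTEN 1781/portmap
tcp        0      0 *:auth          *:*             LISTEN 2125/inetd
tcp        0      0 localhost:smtp  *:*             LISTEN 2113/exim4
tcp        0      0 *:40831         *:*             LISTEN 2148/rpc.statd
tcp6       0      0 *:ssh           *:*             LISTEN 2070/dropbear
udp        0      0 *:32768         *:*                    2148/rpc.statd
udp        0      0 *:sunrpc        *:*                    1781/portmap
udp        0      0 *:echo          *:*                    2832/portsentry
EOF
}

# Reads netstat -ltup output on stdin; prints one sorted line per group:
#   <exposed|loopback> <program> <socket count> <proto/port,...>
listeners_by_program() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        prog = $NF                        # last field; udp rows have no State column
        sub(/^[0-9]+\//, "", prog)        # "1781/portmap" -> "portmap"
        port = $4; sub(/^.*:/, "", port)  # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)
        scope = "exposed"
        if (host == "localhost" || host == "::1" || host ~ /^127\./)
            scope = "loopback"
        key = scope " " prog
        sep = (key in ports) ? "," : ""
        ports[key] = ports[key] sep $1 "/" port
        count[key]++
    }
    END { for (k in count) print k, count[k], ports[k] }
    ' | sort
}

sample_netstat | listeners_by_program
```

On a live host, run it as root with `netstat -ltup | listeners_by_program`; without root the program column shows `-` for sockets owned by other users.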
you bet! ty for the advice
Also Portsentry is (AFAIK) abandoned and deprecated. If you want "just" portscan logging see PSAD, if you'd like an IDS see Snort.
Well, I got port sentry from Linux Bible 2005. Wow... 3 years and it's already deprecated.