rules.drakx in /etc/shorewall
Does anyone know why these three ports (11,6000,631) are open? Is this normal, or at least okay? Is there anything strange here? I configured the firewall to HIGH setting, and did not check any boxes to allow ANY outside services to connect.

Ferrel

ps: Sorry if my query is overly generalized.

Mandriva 2007.0 on x86_64

The file /etc/shorewall/rules.drakx is a product of the Mandriva 2007.0 installation process, and states:

ACCEPT  net     fw      tcp     111,6000,631    -

----------------------------------------------------------------------------

I ran the following scan on my computer (output following):

$ nmap 24.238.220.89

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-20 15:33 CDT
Interesting ports on user-0cetn2p.cable.mindspring.com (24.238.220.89):
Not shown: 1677 closed ports
PORT     STATE SERVICE
111/tcp  open  rpcbind
631/tcp  open  ipp
6000/tcp open  X11

----------------------------------------------------------------------------

I ran this scan:

$ nmap -A -v 24.238.220.89

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-20 15:45 CDT
DNS resolution of 1 IPs took 0.04s.
Initiating Connect() Scan against user-0cetn2p.cable.mindspring.com (24.238.220.89) [1680 ports] at 15:45
Discovered open port 6000/tcp on 24.238.220.89
Discovered open port 631/tcp on 24.238.220.89
Discovered open port 111/tcp on 24.238.220.89
The Connect() Scan took 0.04s to scan 1680 total ports.
Initiating service scan against 3 services on user-0cetn2p.cable.mindspring.com (24.238.220.89) at 15:45
The service scan took 6.11s to scan 3 services on 1 host.
Initiating RPCGrind Scan against user-0cetn2p.cable.mindspring.com (24.238.220.89) at 15:46
The RPCGrind Scan took 0.00s to scan 1 ports on user-0cetn2p.cable.mindspring.com (24.238.220.89).
Host user-0cetn2p.cable.mindspring.com (24.238.220.89) appears to be up ... good.
Interesting ports on user-0cetn2p.cable.mindspring.com (24.238.220.89):
Not shown: 1677 closed ports
PORT     STATE SERVICE VERSION
111/tcp  open  rpc
631/tcp  open  ipp     CUPS 1.2
6000/tcp open  X11     (access denied)
Service Info: OS: Unix

Nmap finished: 1 IP address (1 host up) scanned in 6.372 seconds

----------------------------------------------------------------------------

The /etc/shorewall/policy file states:

#SOURCE DEST    POLICY  LOG     LIMIT:BURST
#                       LEVEL
loc     net     ACCEPT
loc     fw      ACCEPT
fw      loc     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

----------------------------------------------------------------------------

This file ends here.

----------------------------------------------------------------------------
Port 111 is used by rpcbind. A Google search returns this Unix Manual Page. I have no reason to permit remote log in here (this is my personal desktop system), so I disable or remove such services. If you are not providing services to other computers you probably do not need this running.

Port 631 is used by the Cups print server. You can configure cups and manage print jobs from a WEB browser with the following URI:

Code:
localhost:631

Port 6000 is used by the X11 server. If you need to log in to your computer from a remote machine (perhaps via ssh) this is the port to use. Again, I do not allow remote log in so this port is closed here.

HTH,
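In Shorewall, entries in a rules file are exceptions to the policy file, so the ACCEPT line in rules.drakx is what admits 111, 6000 and 631 from net to fw despite the "net all DROP" policy. The script below is an added example, not written by either poster: it lists what a rules file accepts from net to the firewall and checks a scan's open ports against that list. The function names and sample files are assumptions, constructed from the lines quoted in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data in demo() is constructed
# from the rule line and scan results quoted in the question.

# exposed_ports RULES_FILE
# Print "proto/port" for every ACCEPT rule from the net zone (or all) to the
# firewall. Port ranges (a:b) are printed as written, not expanded.
exposed_ports() {
    awk '
        /^[[:space:]]*#/ || NF < 5 { next }      # comments, blank or short lines
        {
            split($1, act, ":")                  # ACCEPT:info -> ACCEPT
            split($2, src, ":")                  # net:192.0.2.1 -> net
            if (act[1] != "ACCEPT") next
            if (src[1] != "net" && src[1] != "all") next
            if ($3 != "fw" && $3 != "$FW" && $3 != "all") next
            n = split($5, ports, ",")
            for (i = 1; i <= n; i++) print $4 "/" ports[i]
        }' "$1" | sort -u
}

# explain_open RULES_FILE NMAP_OUTPUT
# For each port nmap reports open, say whether a net->fw ACCEPT rule covers it.
explain_open() {
    allowed=$(exposed_ports "$1")
    awk '$2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ {
             split($1, p, "/"); print p[2] "/" p[1]
         }' "$2" |
    while read -r pp; do
        if printf '%s\n' "$allowed" | grep -qxF "$pp"; then
            echo "$pp accepted by rule"
        else
            echo "$pp open but not in rules"
        fi
    done
}

# Constructed demo input: the rule from rules.drakx and the three open ports.
demo() {
    dir=$(mktemp -d)
    printf 'ACCEPT net fw tcp 111,6000,631 -\n' > "$dir/rules.drakx"
    printf '%s\n' 'PORT STATE SERVICE' '111/tcp open rpcbind' \
        '631/tcp open ipp' '6000/tcp open X11' > "$dir/scan.txt"
    explain_open "$dir/rules.drakx" "$dir/scan.txt"
    rm -rf "$dir"
}
demo
```

If the scan is run on the firewall host itself, the connections are delivered locally and never enter through the net zone, so compare against a scan taken from another machine.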