I have these ports shown when I run nmap

21/tcp open ftp
37/tcp open time
79/tcp open finger
113/tcp open auth
6000/tcp open X11

Which one is the biggest swcurity risk, and how would I shut down the service. I am using slackware 9.1I have these ports shown when I run nmap

I commented out my entire inetd.conf. Can't remember what else. Whichever one a cracker gets through is the most dangerous.

thanks that worked.

could someone explain why this works, or just point me in the right direction

inetd is the Internet "super-server" daemon, which listens on a number of ports, and only starts up the requested service when needed. To disable:

. /etc/rc.d/rc.inetd stop
chmod -x /etc/rc.d/rc.inetd

/etc/inetd.conf has all of the settings for inetd - read man inetd.

You should consider what you need inetd for. By default, inetd runs four services: ftp, finger, auth, and time. FTP is useful, the others usually aren't (and finger is a security risk in some ways). If you need FTP, you're better off using SFTP, which is handled by sshd.

Just as a general rule - if you don't need it, don't run it.

Also, regarding the X11 port - it is used for X11 forwarding, which I find very useful. If you need more info on this, feel free to ask.

Okay, I'll ask. I think that's the only thing I have open and I left it just because I couldn't figure out if I needed it or not. (The X11, I mean.) I assume it only has to do with accessing (or being) a remote X server rather than on my own box, but wasn't sure. Also, is my understanding correct that I only need ftp if I'm serving ftp? I have it shut and still access ftp sites.

" is my understanding correct that I only need ftp if I'm serving ftp? I have it shut and still access ftp sites."

that is my understanding

Cool. Just wanted to make sure I didn't get bit by anything. Probably the same thing goes for X11 - the whole bundle is useless for a lonely ol' workstation/www client.

Yes, the ftp provided by inetd (proftpd 1.2.9) is only needed if you want to run an FTP server. And as I said, you should be using SSH, which allows you to access your files securely using SFTP. Normal FTP is unencrypted!

I'm not sure how to stop X11 from listening on port 6000 - however, without a specific setting in /etc/ssh/sshd_config (and sshd running), it is *not* accessible remotely. If you would like to connect to your X server remotely, use the following instructions.

In /etc/ssh/sshd_config on your machine, uncomment X11Forwarding, and change it to 'yes'. (Re)start sshd. Then, from another machine with its own X server, type:

ssh -X user@host

Once you're logged in, any X app you run will open on the local display.

Restart the inetd daemon for changes to take affect after editing, etc.

And you can do a startx -nolisten tcp so it doesn't broadcast on port 6000, etc.

Cool. As long as it's not needed, I'll do that.

Anyone know how to stop X from listening on port 6000 when using KDM? I put -nolisten tcp in my /usr/X11R6/bin/startx script but no joy. Appreciate any help.

I have the same problem. Anyone have the solution?

what's the 113/auth port for?

I think I need it to authorize my machine to the WLAN of my college.

Where did you put it?
It should look like this: serverargs="-nolisten tcp"

Works for me.