How detecting and closing opened ports?

How detecting and closing opened ports?

Post by o.. » Fri, 16 Jun 2000 04:00:00



Hello,

 I want to know how I can detect the opened ports in
my system.
I use Linux RH6,  Slackware 4/7 distributions Solaris 2.5.
If they exist how I can close them?

 Thanks,

 Ould

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

How detecting and closing opened ports?

Post by Emmanuel Micho » Fri, 16 Jun 2000 04:00:00



> Hello,

>  I want to know how I can detect the opened ports in
> my system.
> I use Linux RH6,  Slackware 4/7 distributions Solaris 2.5.
> If they exist how I can close them?

netstat -a |grep LISTEN
or use nmap.

To close them, look closely and /etc/inetd.conf to close those
launched by inetd, and discard the others by finding the
appropriate daemons (lpd, portmap, xfs); you can access this
with linuxconf/control service activity GUI.

--
Emmanuel Michon
Ingnieur en dveloppement logiciel
REALmagic France      
Mobile: 0662834836 GPGkeyID: 8782772B  

 
 
 

How detecting and closing opened ports?

Post by o.. » Fri, 16 Jun 2000 04:00:00


Thank you Emmanuel for reply.
The problem is essentially with Slackware 4.
for which even X is not installed. No nmap,..
Finally when I acess lpd, portmap, xfs what two
do I had no clue, excuse me.
If the problem is longuer please forward me to appropriate
documentation.

Thanks




> > Hello,

> >  I want to know how I can detect the opened ports in
> > my system.
> > I use Linux RH6,  Slackware 4/7 distributions Solaris 2.5.
> > If they exist how I can close them?

> netstat -a |grep LISTEN
> or use nmap.

> To close them, look closely and /etc/inetd.conf to close those
> launched by inetd, and discard the others by finding the
> appropriate daemons (lpd, portmap, xfs); you can access this
> with linuxconf/control service activity GUI.

> --
> Emmanuel Michon
> Ingnieur en dveloppement logiciel
> REALmagic France
> Mobile: 0662834836 GPGkeyID: 8782772B

Sent via Deja.com http://www.deja.com/
Before you buy.
 
 
 

How detecting and closing opened ports?

Post by Larry Doolitt » Fri, 16 Jun 2000 04:00:00


: >  I want to know how I can detect the opened ports in
: > my system.
: > I use Linux RH6,  Slackware 4/7 distributions Solaris 2.5.
: > If they exist how I can close them?

: netstat -a |grep LISTEN
: or use nmap.

The historic tool for this job is "lsof".
Most Linux installations now include "socklist",
which is my contribution to the art, and
is designed to do exactly what you asked for.

I don't think Solaris has the overloaded /proc
filesystem like Linux and Irix, so socklist
probably couldn't be used there without a
total rewrite in 'c', and then you'd be back
to a monster like lsof.

: To close them, look closely and /etc/inetd.conf to close those
: launched by inetd, and discard the others by finding the
: appropriate daemons (lpd, portmap, xfs); you can access this
: with linuxconf/control service activity GUI.

I normally lock my systems down tightly enough
to completely eliminate inetd.  I use tcpserver
for the one or two services (smtp, auth) that
might otherwise still use inetd.  The trend in
server design (http, ssh, rpc) is for the primary
server process to take control of, and listen on,
the network port.


 
 
 

How detecting and closing opened ports?

Post by Romek Piter » Sat, 17 Jun 2000 04:00:00



<snip>

Quote:> The problem is essentially with Slackware 4.
> for which even X is not installed. No nmap,..
> Finally when I acess lpd, portmap, xfs what two
> do I had no clue, excuse me.
> If the problem is longuer please forward me to appropriate
> documentation.

<snip>

For Slakware 4 check /etc/inetd.conf  and files in /etc/rc.d  directory
such as /etc/rc.d/rc.inet2, /etc/rc.d/rc.httpd  etc. You don't need
X-windows to comment out relevant lines in these files. vi, or any other
text editor you're comfortable with, will do.

You may comment out all lines in /etc/inetd.conf, subject to your specific
requirements. You should also consider commenting out lines relevant to
nfs and rpc  in /etc/rc.d/rc.inet2 if do not really need them.
Some services (such as BIND) are already commented out when you install
Slakware 4.

Have a look at /usr/doc/Linux-HOWTOs/Security-HOWTO if you haven't done it
already. Paragraph 8.2 is particularly relevant. An example of
/etc/inetd.conf is provided in paragraph 7.4.2 of Firewall-HOWTO. Other
things to consider are tcp wrapper and ipchains (IPCHAINS-HOWTO).

To get your ports scanned go to http://hackerwacker.com
For help on ipchains go to http://www.linux-firewall-tools.com

Good luck

R Pitera
Direct your response to: r dot pitera at qmw dot ac dot uk

 
 
 

How detecting and closing opened ports?

Post by Greg Cop » Sat, 17 Jun 2000 04:00:00





> : >  I want to know how I can detect the opened ports in
> : > my system.
> : > I use Linux RH6,  Slackware 4/7 distributions Solaris 2.5.
> : > If they exist how I can close them?

> : netstat -a |grep LISTEN
> : or use nmap.

> I normally lock my systems down tightly enough
> to completely eliminate inetd.  I use tcpserver
> for the one or two services (smtp, auth) that
> might otherwise still use inetd.  The trend in
> server design (http, ssh, rpc) is for the primary
> server process to take control of, and listen on,
> the network port.

I been thinking about ditching identd and using tcpserver (I use qmail
on some servers ..)

Do you have any examples of the config for the above services ?

Do you have any advice / comments about using for ssh / proftpd - I know
that these are not recommended due to the startup overhead of being
spawned for each request - but I have serveral services that will need
these deamons infrequently - and hence do not see the point of running a
fulltime deamon from /etc/rc.d/.....

Any help appreciated.

Greg Cope

- Show quoted text -



 
 
 

How detecting and closing opened ports?

Post by Nick K » Sun, 18 Jun 2000 04:00:00




Quote:> [ tcpserver vs inetd ]

I still use inetd, even for qmail.

I've tried tcpserver with a few services, but I really miss the ability
to give it a HUP.  Kill and restart means downtime, which bugs me
in an operational server.

Quote:> ssh

sshd runs nicely as standalone - I don't see how tcpserver would be
an improvement.  inetd - maybe, though I found that problematic when
I tried.

--
Nick Kew

 
 
 

1. localhost portscan detects 2 randomly opened and closed ports - other hosts cannot see these open

This is strange.  I have a server (SuSE 7.1) which runs only SSHD and
BIND.  When scanned from a remote node it comes up as 22 and 53 only.
So initially everything seems kosher...
However when scanned from itself, it always detects open ports that
are immediately closed and revolved to other open ports.  These ports
are too small to be anything involved with SSH.  So for example ports
3184 and 1196 might be open on one scan, and then 4208 2220 on the
next run of scans.  The strange thing is they only remain open for a
few milliseconds.  I cannot telnet into them.  Not only that, but a
check of netstat or lsof reveals nothing.  Any ideas?  I've included a
couple scans below for reference...  Thanks to anyone with ideas about
this.

-Jason

******************************SNIP******************************
Suse 7.1 linuxserver:~ # netcat -z -v localhost 1-10000
localhost [127.0.0.1] 4208 (?) open
localhost [127.0.0.1] 2220 (ganymede) open
localhost [127.0.0.1] 53 (domain) open
localhost [127.0.0.1] 22 (ssh) open
Suse 7.1 linuxserver:~ # netcat -z -v localhost 1-10000
localhost [127.0.0.1] 3245 (?) open
localhost [127.0.0.1] 1257 (?) open
localhost [127.0.0.1] 53 (domain) open
localhost [127.0.0.1] 22 (ssh) open
******************************SNIP******************************

* remove ".nospam" to email me directly.

2. Smartmedia card reader (PNY technolody)

3. Is it better to stat() each time, or close()/open() to detect deleted file?

4. AIX/370 and TCF?

5. Closing open ports

6. Help! Installing LINUX with OS/2 and Win '95

7. Ports Open-Server Closed

8. Still have Virtual? Desktop Problem with X

9. Is it possible to open port 443 but close 80?

10. open/close ports

11. how do you open/close service ports in linux ?

12. open ports and how to close

13. Closing open ports