LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-30-2000, 11:08 PM   #1
gravel
LQ Newbie
 
Registered: Aug 2000
Posts: 17

Rep: Reputation: 0

Ok I am very new to Linux so bear with me. I went to http://grc.com and found that several ports were open. I am not running a dedicated firewall, YET, the 486 that I was going to use as an LRP machine died. I must say that I have 4 other computers set up on a network with a DSL connection using Zone Alarm and Black Ice for firewalls till I switch over to the LRP machine.
Now that I rambled enuff, my question is how can I close those ports that are saying "HACK ME, HACK ME, rm -rf" < i think that's right.

BTW
So far Linux really ROCKS
 
Old 08-30-2000, 11:13 PM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080
The first thing you would want to do is comment out any unnecessary services in /etc/inetd.conf. What ports are you showing as open?
 
Old 08-31-2000, 05:06 PM   #3
gravel
LQ Newbie
 
Registered: Aug 2000
Posts: 17

Original Poster
Rep: Reputation: 0
The open ports that grc.com reports is 25 and 113, however, I haven't run a portscanner on it yet
 
Old 08-31-2000, 06:31 PM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080
Port 25 is SMTP and port 113 is ident. Neither of those ports really scream hack me. If you don't need sendmail you may want to turn it off. After you run a portscanner let us know what ports are open.
 
Old 09-02-2000, 08:20 PM   #5
gravel
LQ Newbie
 
Registered: Aug 2000
Posts: 17

Original Poster
Rep: Reputation: 0
ok I finaly got to run nmap and here are the results:

25
113
515
6000
are all open. I would like to close them at least till I get my LRP box set up. Any ideas?
 
Old 09-02-2000, 09:42 PM   #6
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080
Port 25 is SMTP. To close it you need to stop sendmail. On Red Hat 6.2 (which I think you are running) it would be "/etc/rc.d/init.d/sendmail stop".
Port 113 is ident. To close it "/etc/rc.d/init.d/ident stop". Some programs, such as IRC clients, may not work properly without ident.
Port 515 is for printing. You are most likely running lpr, so "/etc/rc.d/init.d/lpr stop" should take care of it.
Port 6000 is used by X. If you start X with "startx -- -nolisten tcp" it will not open the port.

NOTE: The first 3 services most likely start at boot. You will need to take them out of the startup scripts to prevent the ports from automatically being opened after the next reboot.
 
Old 09-03-2000, 12:35 AM   #7
neptuna
LQ Newbie
 
Registered: Sep 2000
Location: Delaware, USA
Posts: 2

Rep: Reputation: 0
Open Ports

Hey
Just joined this site.

Just a quick question: What nmap commands did you run against your box? If you are running a firewall, you should run some of the stealth and UDP scans (in case you are running NFS, YP, or TFTP). Should also run a no ping scan (for F/W or router blocking echo requests).
I thought I had everything sealed off until I ran these:
nmap -sS -sU -P0 host
nmap -sF -P0 host

Thanks
Jim
 
Old 09-04-2000, 02:55 AM   #8
gravel
LQ Newbie
 
Registered: Aug 2000
Posts: 17

Original Poster
Rep: Reputation: 0
I ran nmap with those parameters and still those ports are the only ones listed
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot Open Mail Server Ports 25, 110, and 220. Other Ports will open. Binxter Linux - Newbie 9 11-29-2007 02:03 AM
open ports on linksys, i have ssh open but thats it PlatinumRik Linux - Security 1 07-07-2005 10:38 AM
Open ports! WWMPCDD Linux - Networking 6 10-28-2004 09:29 PM
How to open ports? kaboom Linux - Networking 1 01-05-2004 05:23 PM
open ports nakkaya Linux - General 2 02-05-2003 03:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration