Closing ports - Linux Forums

04-17-2005	#1 (permalink)
jroed Just Joined! Join Date: Mar 2005 Posts: 32	Closing ports I am running Debian / KDE 3.3 / and 2.6.8 Kernel I was wondering if someone could give me some help. I recently used the Shields Up service on www.grc.com and it detected several of my ports as open. I was wondering if anyone could tell me how to close or at least stealth them. The list of open ones i got is: Port 9 - Discard Port 13 - Daytime (RFC 867) Port 22 - SSH Remote Login Protocol Port 37 - Time Port 111 - Sun Remote Procedure Call Port 113 - auth/ident I have heard that stealthing 113 can cause some problems with IRC and FTP. And i think i will be able to close 22 by shutting down sshd (unless i need it for something, but i don't think i do). I have iptables installed, but don't know how to configure it. Any help would be greatly appreciated. Thank you.

04-19-2005	#2 (permalink)
superdan7 Just Joined! Join Date: Apr 2005 Location: Atlanta Posts: 55	Re:iptables Have you tried reading the man pages for iptables? That may help you, or you could try linuxsecurity.com for some iptable script examples.

04-19-2005	#3 (permalink)
kamtono Just Joined! Join Date: Feb 2004 Location: Indonesia Posts: 84	if you don't know about iptables why you don't using firewall iptables of course you will have two advantage know the scripts to block and maybe you can create iptables firewall based on your own why not try shorewall, it's offer so much feature or using what i used http://www.malibyte.net/iptablesit's simple things hope this help

04-20-2005	#4 (permalink)
Goran Linux Newbie Join Date: Jan 2004 Location: Belgrade, S&M Posts: 177	You can drop the packets by adding these rules, but it would be better to stop the services from running in the firs place: Code: iptables -A INPUT -p tcp --dport 9 -j DROP iptables -A INPUT -p tcp --dport 13 -j DROP iptables -A INPUT -p tcp --dport 22 -j DROP iptables -A INPUT -p tcp --dport 37 -j DROP iptables -A INPUT -p tcp --dport 111 -j DROP iptables -A INPUT -p tcp --dport 113 -j DROP Always use Code: nmap localhost as root to see which ports are opened before connecting to the internet, and also use Code: netstat -tp to see which programs are listening on which ports.

04-20-2005	#5 (permalink)
Goran Linux Newbie Join Date: Jan 2004 Location: Belgrade, S&M Posts: 177	And check out man iptables, of course.

05-01-2005

#6 (permalink)

xathras

Just Joined!

Join Date: Apr 2005

Posts: 6

Re: Closing ports

Quote:

Originally Posted by jroed

I am running Debian / KDE 3.3 / and 2.6.8 Kernel

I was wondering if someone could give me some help. I recently used the Shields Up service on www.grc.com and it detected several of my ports as open. I was wondering if anyone could tell me how to close or at least stealth them. The list of open ones i got is:

Port 9 - Discard
Port 13 - Daytime (RFC 867)
Port 22 - SSH Remote Login Protocol
Port 37 - Time
Port 111 - Sun Remote Procedure Call
Port 113 - auth/ident

I have heard that stealthing 113 can cause some problems with IRC and FTP. And i think i will be able to close 22 by shutting down sshd (unless i need it for something, but i don't think i do). I have iptables installed, but don't know how to configure it.

Any help would be greatly appreciated. Thank you.

Assume Network Subnet 192.168.0.0 being used and Firewall Server IP Address 192.168.0.2

iptables script:

iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.2 -p tcp --dport ssh -j ACCEPT
iptables -A OUTPUT -s 192.168.0.2 -d 192.168.0.0/24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.0.2 -p tcp --dport ssh -j REJECT
#block ssh from outside of network

#ALLOW HTTP
iptables -A OUTPUT -s 192.168.0.2 -d 0/0 -p tcp --dport http -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.0.2 -p tcp --sport http -j ACCEPT

Little Basic script allows SSH admin from network only and HTTP Access

05-02-2005	#7 (permalink)
veritas Just Joined! Join Date: Dec 2004 Location: Dallas Posts: 10	jroed, you can close a few of those by commenting out some lines in the file /etc/inetd.conf After you comment out time and whatever else that doesn't need to be running type Code: killall -HUP inetd to restart it. Then re-run the shields up test and see if it shows the ports as being stealthy.

05-02-2005	#8 (permalink)
guitarinvegas Just Joined! Join Date: Mar 2005 Location: Las Vegas Posts: 39	Am i the only one who clicked the grc link, checked it out... closed it. (it opened in a new window, not tab (firefox) ), then did a netstat -tp, and found it still there? the pid was the same for everything under firefox, and i just closed firefox, which removed it... but that doesnt seem sketchy to anyone else? Just looking for your input on this... thx. btw, im getting a no file or command error when i try nmap. is there a package i didnt install? (yes i logged in as root ) Thanx again guys... Jeff

05-02-2005	#9 (permalink)
jroed Just Joined! Join Date: Mar 2005 Posts: 32	stealthing ports with Bastille I tried usiing IP Tables and wrote a script to load up all my rules at start-up, which worked well. I have since gone to using Bastille which completely solved my problems. My computer now passes grc.com 's TurStealth test. And cannot be detected at all. Plus it walks you through a lot of different security hardening steps and explains them to you. It works great.