Results 1 to 7 of 7
I am relatively new to mandrake.. I did a scan of my box using nmap.. and found lots of ports open I do not want/need, but I am not finding ...
- 02-20-2005 #1Just Joined!
- Join Date
- Feb 2005
- Posts
- 53
open ports
I am relatively new to mandrake.. I did a scan of my box using nmap.. and found lots of ports open I do not want/need, but I am not finding what file to edit to kill these ports. I thought it was init.d or something like that.. but no luck there. where should I be looking to shutdown some of these ports? mandrake 10.1 system.
thanks
- 02-20-2005 #2Just Joined!
- Join Date
- Sep 2003
- Location
- ../
- Posts
- 62
Re: open ports
netstat -tupan will give you a rundown of what is running on what ports then you should go to /etc/init.d/servicename stop to end that service if you dont need it. i wouldnt think that any vulnerable services come installed on the default installation like ftpserv telnetserv and that sort of thing
Originally Posted by doox00
- 02-20-2005 #3Just Joined!
- Join Date
- Feb 2005
- Posts
- 53
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:32768 0.0.0.0:* LISTEN 3430/xinetd
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3876/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2798/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 30761/X
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 5353/named
tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN 5353/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5353/named
tcp 0 0 0.0.0.0:951 0.0.0.0:* LISTEN 2889/rpc.statd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 5392/(squid)
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5353/named
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3876/smbd
tcp 0 0 0.0.0.0:701 0.0.0.0:* LISTEN 3490/rpc.mountd
tcp 0 0 192.168.0.1:3128 192.168.0.5:3448 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3449 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3450 TIME_WAIT -
tcp 0 0 192.168.0.1:3128 192.168.0.5:3451 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3452 TIME_WAIT -
tcp 0 0 192.168.0.1:3128 192.168.0.5:3453 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3454 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3455 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3441 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3442 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3443 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3444 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3445 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3446 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3456 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3457 TIME_WAIT -
tcp 0 0 192.168.1.2:40633 67.19.135.123:80 TIME_WAIT -
tcp 0 0 192.168.1.2:40627 67.19.135.123:80 TIME_WAIT -
tcp 0 0 192.168.0.1:3128 192.168.0.5:3458 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.1.2:40648 67.19.135.123:80 TIME_WAIT -
tcp 0 0 192.168.1.2:40623 67.19.135.122:80 TIME_WAIT -
tcp 0 0 192.168.0.1:3128 192.168.0.5:3459 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.0.1:3128 192.168.0.5:3460 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.1.2:40609 64.179.4.149:80 TIME_WAIT -
tcp 0 0 192.168.1.2:40610 216.239.57.99:80 ESTABLISHED 5392/(squid)
tcp 0 0 192.168.1.2:40611 216.239.57.147:80 ESTABLISHED 5392/(squid)
tcp 0 0 :::6000 :::* LISTEN 30761/X
tcp 0 0 :::22 :::* LISTEN 3371/sshd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:32770 0.0.0.0:* -
udp 0 0 0.0.0.0:33160 0.0.0.0:* 5353/named
udp 0 0 192.168.0.1:137 0.0.0.0:* 3887/nmbd
udp 0 0 192.168.1.2:137 0.0.0.0:* 3887/nmbd
udp 0 0 192.168.1.101:137 0.0.0.0:* 3887/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3887/nmbd
udp 0 0 192.168.0.1:138 0.0.0.0:* 3887/nmbd
udp 0 0 192.168.1.2:138 0.0.0.0:* 3887/nmbd
udp 0 0 192.168.1.101:138 0.0.0.0:* 3887/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 3887/nmbd
udp 0 0 0.0.0.0:33164 0.0.0.0:* 5392/(squid)
udp 0 0 0.0.0.0:945 0.0.0.0:* 2889/rpc.statd
udp 0 0 0.0.0.0:948 0.0.0.0:* 2889/rpc.statd
udp 0 0 192.168.0.1:53 0.0.0.0:* 5353/named
udp 0 0 192.168.1.2:53 0.0.0.0:* 5353/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 5353/named
udp 0 0 0.0.0.0:3130 0.0.0.0:* 5392/(squid)
udp 0 0 0.0.0.0:698 0.0.0.0:* 3490/rpc.mountd
udp 0 0 0.0.0.0:3401 0.0.0.0:* 5392/(squid)
udp 0 0 0.0.0.0:4827 0.0.0.0:* 5392/(squid)
udp 0 0 0.0.0.0:111 0.0.0.0:* 2798/portmap
udp 0 0 :::33163 :::* 5353/named
all that normal?
- 02-21-2005 #4Just Joined!
- Join Date
- Sep 2003
- Location
- ../
- Posts
- 62
Originally Posted by doox00
well the squid thing seems to be taking up a ton of ports but do this, nmap scan yourself from outside your lan or get a person you trust to scan you from out side, because the ports that are open on your lan, while are still important, will not be exploited as easily as the ports seen by everyone in the internet
- 02-21-2005 #5Just Joined!
- Join Date
- Feb 2005
- Posts
- 53
I am behind a linksys router, so only thing really open is ssh, teamspeak server, and bittorent ports from the internet. not sure though how secure you really are behind a linksys router though.
- 02-21-2005 #6Just Joined!
- Join Date
- Sep 2003
- Location
- ../
- Posts
- 62
if you dont have a wireless router, dont have any untrustworthy people and your not schitzo then your alright behind that router :P Originally Posted by doox00
- 02-21-2005 #7Linux Guru
- Join Date
- Mar 2003
- Location
- Wisconsin
- Posts
- 1,907
Try turning on your firewall.
JeremyRegistered Linux user #346571
"All The Dude ever wanted was his rug back" - The Dude
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
