Find the answer to your Linux question:
Results 1 to 7 of 7
I am relatively new to mandrake.. I did a scan of my box using nmap.. and found lots of ports open I do not want/need, but I am not finding ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2005
    Posts
    53

    open ports


    I am relatively new to mandrake.. I did a scan of my box using nmap.. and found lots of ports open I do not want/need, but I am not finding what file to edit to kill these ports. I thought it was init.d or something like that.. but no luck there. where should I be looking to shutdown some of these ports? mandrake 10.1 system.

    thanks

  2. #2
    Just Joined!
    Join Date
    Sep 2003
    Location
    ../
    Posts
    62

    Re: open ports

    Quote Originally Posted by doox00
    I am relatively new to mandrake.. I did a scan of my box using nmap.. and found lots of ports open I do not want/need, but I am not finding what file to edit to kill these ports. I thought it was init.d or something like that.. but no luck there. where should I be looking to shutdown some of these ports? mandrake 10.1 system.

    thanks
    netstat -tupan will give you a rundown of what is running on what ports then you should go to /etc/init.d/servicename stop to end that service if you dont need it. i wouldnt think that any vulnerable services come installed on the default installation like ftpserv telnetserv and that sort of thing

  3. #3
    Just Joined!
    Join Date
    Feb 2005
    Posts
    53
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:32768 0.0.0.0:* LISTEN 3430/xinetd
    tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3876/smbd
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2798/portmap
    tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 30761/X
    tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 0.0.0.0:951 0.0.0.0:* LISTEN 2889/rpc.statd
    tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 5392/(squid)
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3876/smbd
    tcp 0 0 0.0.0.0:701 0.0.0.0:* LISTEN 3490/rpc.mountd
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3448 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3449 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3450 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3451 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3452 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3453 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3454 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3455 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3441 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3442 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3443 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3444 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3445 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3446 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3456 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3457 TIME_WAIT -
    tcp 0 0 192.168.1.2:40633 67.19.135.123:80 TIME_WAIT -
    tcp 0 0 192.168.1.2:40627 67.19.135.123:80 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3458 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.1.2:40648 67.19.135.123:80 TIME_WAIT -
    tcp 0 0 192.168.1.2:40623 67.19.135.122:80 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3459 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3460 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.1.2:40609 64.179.4.149:80 TIME_WAIT -
    tcp 0 0 192.168.1.2:40610 216.239.57.99:80 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.1.2:40611 216.239.57.147:80 ESTABLISHED 5392/(squid)
    tcp 0 0 :::6000 :::* LISTEN 30761/X
    tcp 0 0 :::22 :::* LISTEN 3371/sshd
    udp 0 0 0.0.0.0:2049 0.0.0.0:* -
    udp 0 0 0.0.0.0:32770 0.0.0.0:* -
    udp 0 0 0.0.0.0:33160 0.0.0.0:* 5353/named
    udp 0 0 192.168.0.1:137 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.2:137 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.101:137 0.0.0.0:* 3887/nmbd
    udp 0 0 0.0.0.0:137 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.0.1:138 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.2:138 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.101:138 0.0.0.0:* 3887/nmbd
    udp 0 0 0.0.0.0:138 0.0.0.0:* 3887/nmbd
    udp 0 0 0.0.0.0:33164 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:945 0.0.0.0:* 2889/rpc.statd
    udp 0 0 0.0.0.0:948 0.0.0.0:* 2889/rpc.statd
    udp 0 0 192.168.0.1:53 0.0.0.0:* 5353/named
    udp 0 0 192.168.1.2:53 0.0.0.0:* 5353/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 5353/named
    udp 0 0 0.0.0.0:3130 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:698 0.0.0.0:* 3490/rpc.mountd
    udp 0 0 0.0.0.0:3401 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:4827 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:111 0.0.0.0:* 2798/portmap
    udp 0 0 :::33163 :::* 5353/named


    all that normal?

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Sep 2003
    Location
    ../
    Posts
    62
    Quote Originally Posted by doox00
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:32768 0.0.0.0:* LISTEN 3430/xinetd
    tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3876/smbd
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2798/portmap
    tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 30761/X
    tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 0.0.0.0:951 0.0.0.0:* LISTEN 2889/rpc.statd
    tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 5392/(squid)
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5353/named
    tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3876/smbd
    tcp 0 0 0.0.0.0:701 0.0.0.0:* LISTEN 3490/rpc.mountd
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3448 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3449 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3450 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3451 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3452 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3453 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3454 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3455 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3441 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3442 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3443 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3444 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3445 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3446 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3456 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3457 TIME_WAIT -
    tcp 0 0 192.168.1.2:40633 67.19.135.123:80 TIME_WAIT -
    tcp 0 0 192.168.1.2:40627 67.19.135.123:80 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3458 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.1.2:40648 67.19.135.123:80 TIME_WAIT -
    tcp 0 0 192.168.1.2:40623 67.19.135.122:80 TIME_WAIT -
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3459 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.0.1:3128 192.168.0.5:3460 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.1.2:40609 64.179.4.149:80 TIME_WAIT -
    tcp 0 0 192.168.1.2:40610 216.239.57.99:80 ESTABLISHED 5392/(squid)
    tcp 0 0 192.168.1.2:40611 216.239.57.147:80 ESTABLISHED 5392/(squid)
    tcp 0 0 :::6000 :::* LISTEN 30761/X
    tcp 0 0 :::22 :::* LISTEN 3371/sshd
    udp 0 0 0.0.0.0:2049 0.0.0.0:* -
    udp 0 0 0.0.0.0:32770 0.0.0.0:* -
    udp 0 0 0.0.0.0:33160 0.0.0.0:* 5353/named
    udp 0 0 192.168.0.1:137 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.2:137 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.101:137 0.0.0.0:* 3887/nmbd
    udp 0 0 0.0.0.0:137 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.0.1:138 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.2:138 0.0.0.0:* 3887/nmbd
    udp 0 0 192.168.1.101:138 0.0.0.0:* 3887/nmbd
    udp 0 0 0.0.0.0:138 0.0.0.0:* 3887/nmbd
    udp 0 0 0.0.0.0:33164 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:945 0.0.0.0:* 2889/rpc.statd
    udp 0 0 0.0.0.0:948 0.0.0.0:* 2889/rpc.statd
    udp 0 0 192.168.0.1:53 0.0.0.0:* 5353/named
    udp 0 0 192.168.1.2:53 0.0.0.0:* 5353/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 5353/named
    udp 0 0 0.0.0.0:3130 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:698 0.0.0.0:* 3490/rpc.mountd
    udp 0 0 0.0.0.0:3401 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:4827 0.0.0.0:* 5392/(squid)
    udp 0 0 0.0.0.0:111 0.0.0.0:* 2798/portmap
    udp 0 0 :::33163 :::* 5353/named


    all that normal?

    well the squid thing seems to be taking up a ton of ports but do this, nmap scan yourself from outside your lan or get a person you trust to scan you from out side, because the ports that are open on your lan, while are still important, will not be exploited as easily as the ports seen by everyone in the internet

  6. #5
    Just Joined!
    Join Date
    Feb 2005
    Posts
    53
    I am behind a linksys router, so only thing really open is ssh, teamspeak server, and bittorent ports from the internet. not sure though how secure you really are behind a linksys router though.

  7. #6
    Just Joined!
    Join Date
    Sep 2003
    Location
    ../
    Posts
    62
    Quote Originally Posted by doox00
    I am behind a linksys router, so only thing really open is ssh, teamspeak server, and bittorent ports from the internet. not sure though how secure you really are behind a linksys router though.
    if you dont have a wireless router, dont have any untrustworthy people and your not schitzo then your alright behind that router :P

  8. #7
    Linux Guru
    Join Date
    Mar 2003
    Location
    Wisconsin
    Posts
    1,907
    Try turning on your firewall.

    Jeremy
    Registered Linux user #346571
    "All The Dude ever wanted was his rug back" - The Dude

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •