  1. #1
    Just Joined!
    Join Date
    Mar 2005
    Posts
    32

    Closing ports


    I am running Debian / KDE 3.3 / and 2.6.8 Kernel

    I was wondering if someone could give me some help. I recently used the Shields Up service on www.grc.com and it detected several of my ports as open. I was wondering if anyone could tell me how to close or at least stealth them. The list of open ones I got is:

    Port 9 - Discard
    Port 13 - Daytime (RFC 867)
    Port 22 - SSH Remote Login Protocol
    Port 37 - Time
    Port 111 - Sun Remote Procedure Call
    Port 113 - auth/ident

    I have heard that stealthing 113 can cause some problems with IRC and FTP. And I think I will be able to close 22 by shutting down sshd (unless I need it for something, but I don't think I do). I have iptables installed, but don't know how to configure it.

    Any help would be greatly appreciated. Thank you.

  2. #2
    Just Joined!
    Join Date
    Apr 2005
    Location
    Atlanta
    Posts
    55

    Re:iptables

    Have you tried reading the man pages for iptables? That may help you, or you could try linuxsecurity.com for some iptable script examples.

  3. #3
    Just Joined!
    Join Date
    Feb 2004
    Location
    Indonesia
    Posts
    84
    If you don't know about iptables, why don't you use an iptables firewall? Of course you will have two advantages: you get to know the scripts to block, and maybe you can create an iptables firewall of your own.

    Why not try Shorewall? It offers so many features.
    Or use what I used: http://www.malibyte.net/iptables it's a simple thing.

    Hope this helps.

  4. #4
    Linux Newbie
    Join Date
    Jan 2004
    Location
    Belgrade, S&M
    Posts
    177
    You can drop the packets by adding these rules, but it would be better to stop the services from running in the first place:
    Code:
    iptables -A INPUT -p tcp --dport 9 -j DROP
    iptables -A INPUT -p tcp --dport 13 -j DROP
    iptables -A INPUT -p tcp --dport 22 -j DROP
    iptables -A INPUT -p tcp --dport 37 -j DROP
    iptables -A INPUT -p tcp --dport 111 -j DROP
    iptables -A INPUT -p tcp --dport 113 -j DROP
    Always use
    Code:
    nmap localhost
    as root to see which ports are opened before connecting to the internet, and also use
    Code:
    netstat -tp
    to see which programs are listening on which ports.
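
Added example, not part of the original post: a small filter that reads a listening-socket listing and reports which TCP ports are reachable from other hosts and which program owns each. It assumes the listing was taken with `netstat -tlnp` (listening sockets, numeric, with program names); the sample listing and its PIDs are constructed.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not bound to loopback only.
# Input is the text of `netstat -tlnp`; SAMPLE below is constructed.

exposed_listeners() {
    # Print "port program" for each LISTEN socket reachable from the network.
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")            # local address: 0.0.0.0:22 or :::22
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "127.0.0.1" || addr == "::1") next   # loopback only
        prog = $7; sub(/^[0-9]+\//, "", prog)            # strip "PID/"
        print port, prog
    }' | sort -n -u
}

SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9               0.0.0.0:*               LISTEN      1203/inetd
tcp        0      0 0.0.0.0:13              0.0.0.0:*               LISTEN      1203/inetd
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN      1203/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      987/portmap
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN      1203/inetd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1311/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      1250/sshd'

printf '%s\n' "$SAMPLE" | exposed_listeners
```

On a live system, pipe the real listing into the function (`netstat -tlnp | exposed_listeners`, as root so program names are shown); each line it prints is a service to stop or a port to filter.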

  5. #5
    Linux Newbie
    Join Date
    Jan 2004
    Location
    Belgrade, S&M
    Posts
    177
    And check out man iptables, of course.

  6. #6
    Just Joined!
    Join Date
    Apr 2005
    Posts
    6

    Re: Closing ports

    Quote Originally Posted by jroed
    I am running Debian / KDE 3.3 / and 2.6.8 Kernel

    I was wondering if someone could give me some help. I recently used the Shields Up service on www.grc.com and it detected several of my ports as open. I was wondering if anyone could tell me how to close or at least stealth them. The list of open ones I got is:

    Port 9 - Discard
    Port 13 - Daytime (RFC 867)
    Port 22 - SSH Remote Login Protocol
    Port 37 - Time
    Port 111 - Sun Remote Procedure Call
    Port 113 - auth/ident

    I have heard that stealthing 113 can cause some problems with IRC and FTP. And I think I will be able to close 22 by shutting down sshd (unless I need it for something, but I don't think I do). I have iptables installed, but don't know how to configure it.

    Any help would be greatly appreciated. Thank you.
    Assume Network Subnet 192.168.0.0 being used and Firewall Server IP Address 192.168.0.2

    iptables script:

    # flush existing rules and drop everything by default
    iptables -F
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    # allow SSH from the local network; replies leave with source port ssh
    iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.2 -p tcp --dport ssh -j ACCEPT
    iptables -A OUTPUT -s 192.168.0.2 -d 192.168.0.0/24 -p tcp --sport ssh -j ACCEPT
    # block ssh from outside of network
    iptables -A INPUT -s 0/0 -d 192.168.0.2 -p tcp --dport ssh -j REJECT

    #ALLOW HTTP
    iptables -A OUTPUT -s 192.168.0.2 -d 0/0 -p tcp --dport http -j ACCEPT
    iptables -A INPUT -s 0/0 -d 192.168.0.2 -p tcp --sport http -j ACCEPT

    Little Basic script allows SSH admin from network only and HTTP Access

  7. #7
    Just Joined!
    Join Date
    Dec 2004
    Location
    Dallas
    Posts
    10
    jroed, you can close a few of those by commenting out some lines in the file /etc/inetd.conf

    After you comment out time and whatever else that doesn't need to be running type
    Code:
    killall -HUP inetd
    to restart it. Then re-run the shields up test and see if it shows the ports as being stealthy.
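
Added example, not part of the original post: one way to do the commenting-out step described above for the inetd-run services from the scan (discard, daytime, time). The function names are hypothetical and the file contents are a constructed sample in inetd.conf format; the script works on a temporary copy, not on /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: comment out selected services in a copy of inetd.conf.
# Function names are hypothetical; the sample file below is constructed.

disable_inetd_services() {
    # $1 = path to an inetd.conf copy, remaining args = services to disable.
    conf=$1; shift
    awk -v list="$*" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) off[s[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { print; next }   # keep comments and blank lines
        ($1 in off) { print "#" $0; next }      # first field is the service name
        { print }
    ' "$conf" > "$conf.new" && mv "$conf.new" "$conf"
}

active_services() {
    # List the service names inetd would still start from this file.
    awk '!/^[ \t]*#/ && NF > 0 { print $1 }' "$1" | sort -u | xargs
}

CONF=$(mktemp)
cat > "$CONF" <<'EOF'
# constructed sample in inetd.conf format
discard  stream tcp nowait root   internal
discard  dgram  udp wait   root   internal
daytime  stream tcp nowait root   internal
time     stream tcp nowait root   internal
#echo    stream tcp nowait root   internal
ident    stream tcp wait   identd /usr/sbin/identd identd
EOF

disable_inetd_services "$CONF" discard daytime time
active_services "$CONF"
```

Both the tcp and udp entries of a service are commented out, and lines that were already comments are left untouched; inetd only picks up the change after the HUP signal shown above.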

  8. #8
    Just Joined!
    Join Date
    Mar 2005
    Location
    Las Vegas
    Posts
    39
    Am I the only one who clicked the grc link, checked it out... closed it (it opened in a new window, not tab (Firefox)), then did a netstat -tp, and found it still there? The pid was the same for everything under Firefox, and I just closed Firefox, which removed it... but that doesn't seem sketchy to anyone else? Just looking for your input on this... thx.
    Btw, I'm getting a no file or command error when I try nmap. Is there a package I didn't install? (Yes, I logged in as root.) Thanx again guys...
    Jeff

  9. #9
    Just Joined!
    Join Date
    Mar 2005
    Posts
    32

    stealthing ports with Bastille

    I tried using IP Tables and wrote a script to load up all my rules at start-up, which worked well. I have since gone to using Bastille which completely solved my problems. My computer now passes grc.com's TruStealth test. And cannot be detected at all. Plus it walks you through a lot of different security hardening steps and explains them to you. It works great.
