- 04-17-2005 #1Just Joined!
- Join Date
- Mar 2005
- Posts
- 32
Closing ports
I am running Debian / KDE 3.3 / and 2.6.8 Kernel
I was wondering if someone could give me some help. I recently used the Shields Up service on www.grc.com and it detected several of my ports as open. I was wondering if anyone could tell me how to close or at least stealth them. The list of open ones I got is:
Port 9 - Discard
Port 13 - Daytime (RFC 867)
Port 22 - SSH Remote Login Protocol
Port 37 - Time
Port 111 - Sun Remote Procedure Call
Port 113 - auth/ident
I have heard that stealthing 113 can cause some problems with IRC and FTP. And I think I will be able to close 22 by shutting down sshd (unless I need it for something, but I don't think I do). I have iptables installed, but don't know how to configure it.
Any help would be greatly appreciated. Thank you.
- 04-19-2005 #2Just Joined!
- Join Date
- Apr 2005
- Location
- Atlanta
- Posts
- 55
Re:iptables
Have you tried reading the man pages for iptables? That may help you, or you could try linuxsecurity.com for some iptable script examples.
- 04-19-2005 #3Just Joined!
- Join Date
- Feb 2004
- Location
- Indonesia
- Posts
- 84
If you don't know about iptables, why don't you use an iptables firewall? Of course you will have two advantages: you will know the scripts to block, and maybe you can create an iptables firewall of your own.
Why not try shorewall? It offers so many features.
Or use what I used, http://www.malibyte.net/iptables, it's a simple thing.
Hope this helps.
- 04-20-2005 #4Linux Newbie
- Join Date
- Jan 2004
- Location
- Belgrade, S&M
- Posts
- 177
You can drop the packets by adding these rules, but it would be better to stop the services from running in the first place:
Code:
iptables -A INPUT -p tcp --dport 9 -j DROP
iptables -A INPUT -p tcp --dport 13 -j DROP
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 37 -j DROP
iptables -A INPUT -p tcp --dport 111 -j DROP
iptables -A INPUT -p tcp --dport 113 -j DROP
Always use
Code:
nmap localhost
as root to see which ports are opened before connecting to the internet, and also use
Code:
netstat -tp
to see which programs are listening on which ports.
- 04-20-2005 #5Linux Newbie
- Join Date
- Jan 2004
- Location
- Belgrade, S&M
- Posts
- 177
And check out man iptables, of course.
- 05-01-2005 #6Just Joined!
- Join Date
- Apr 2005
- Posts
- 6
Re: Closing ports
Assume Network Subnet 192.168.0.0 being used and Firewall Server IP Address 192.168.0.2
Originally Posted by jroed
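iptables script:
# flush existing rules
iptables -F
# default policy: drop everything not explicitly allowed
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# allow SSH to the firewall server from the local subnet, and its replies
# (replies leave with source port ssh, so OUTPUT must match --sport)
iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.2 -p tcp --dport ssh -j ACCEPT
iptables -A OUTPUT -s 192.168.0.2 -d 192.168.0.0/24 -p tcp --sport ssh -j ACCEPT
# block ssh from outside of network
iptables -A INPUT -s 0/0 -d 192.168.0.2 -p tcp --dport ssh -j REJECT
# ALLOW HTTP (outbound requests and their replies)
iptables -A OUTPUT -s 192.168.0.2 -d 0/0 -p tcp --dport http -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.0.2 -p tcp --sport http -j ACCEPT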
Little Basic script allows SSH admin from network only and HTTP Access
- 05-02-2005 #7Just Joined!
- Join Date
- Dec 2004
- Location
- Dallas
- Posts
- 10
jroed, you can close a few of those by commenting out some lines in the file /etc/inetd.conf
After you comment out time and whatever else that doesn't need to be running, type
Code:
killall -HUP inetd
to restart it. Then re-run the shields up test and see if it shows the ports as being stealthy.
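The inetd.conf edit described in the post above, as an added example that is not part of the original thread: a shell function that comments out the named services in an inetd.conf-format file, covering both their tcp and udp entries. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# disable_inetd_services FILE SERVICE...
# Prints FILE to stdout with every active entry for the named services
# prefixed by "#". Comments, blank lines and other services pass through.
disable_inetd_services() {
    conf=$1; shift
    awk -v list="$*" '
        BEGIN { n = split(list, names, " ")
                for (i = 1; i <= n; i++) off[names[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { print; next }      # already inactive
        ($1 in off)           { print "#" $0; next }
        { print }
    ' "$conf"
}

# active_inetd_services FILE
# Lists "service/protocol" for each entry inetd would still listen on.
active_inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Constructed sample in the inetd.conf field layout:
# service, socket type, protocol, wait flag, user, program [args]
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the thread
discard stream tcp nowait root internal
discard dgram  udp wait   root internal
daytime stream tcp nowait root internal
time    stream tcp nowait root internal
#echo   stream tcp nowait root internal
ident   stream tcp wait   identd /usr/sbin/identd identd
EOF
}

# Demo on a temporary copy. On a real system, review the new file, install
# it as /etc/inetd.conf, then reload with: killall -HUP inetd
tmp=$(mktemp -d)
write_sample_conf "$tmp/inetd.conf"
disable_inetd_services "$tmp/inetd.conf" discard daytime time > "$tmp/inetd.conf.new"
active_inetd_services "$tmp/inetd.conf.new"    # prints: ident/tcp
```

Ports such as 22 and 111 are normally held by their own daemons rather than inetd, so they do not appear in this file and have to be handled by stopping those services or by firewall rules.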
- 05-02-2005 #8Just Joined!
- Join Date
- Mar 2005
- Location
- Las Vegas
- Posts
- 39
Am I the only one who clicked the grc link, checked it out... closed it (it opened in a new window, not tab (firefox)), then did a netstat -tp, and found it still there? The pid was the same for everything under firefox, and I just closed firefox, which removed it... but that doesn't seem sketchy to anyone else? Just looking for your input on this... thx.
btw, I'm getting a no file or command error when I try nmap. Is there a package I didn't install? (yes I logged in as root) Thanx again guys...
Jeff
- 05-02-2005 #9Just Joined!
- Join Date
- Mar 2005
- Posts
- 32
stealthing ports with Bastille
I tried using IP Tables and wrote a script to load up all my rules at start-up, which worked well. I have since gone to using Bastille, which completely solved my problems. My computer now passes grc.com's TruStealth test and cannot be detected at all. Plus it walks you through a lot of different security hardening steps and explains them to you. It works great.


