Find the answer to your Linux question:
Results 1 to 6 of 6
So I did a port test by two different web sources (One is GRC's "shields up!") And both results show that ports 23 & 443 are open. Im not worried ...
  1. 02-25-2010 #1
    czarcasm
    czarcasm is offline
    Just Joined!
    Join Date
    Jan 2010
    Posts
    3

    Question ports 23 & 443 open

    So I did a port test by two different web sources (One is GRC's "shields up!")

    And both results show that ports 23 & 443 are open. Im not worried so much about 443 since the port-test site is an https site. But why would telnet port be open?

    I tried closing 23 using:

    sudo -i
    ufw deny 23
    ufw enable
    ufw status
    -------------------
    ufw results are:

    Status: active

    To Action From
    -- ------ ----
    23 DENY Anywhere
    -------------------

    But when I re-scan on both sites it still shows port 23 as being open.

    Im I doing something wrong?

    Oh by the way when I run : sudo netstat -tunap|grep 23

    I get:

    tcp 0 0 192.168.1.201:55387 76.13.15.43:5050 ESTABLISHED 3232/telepathy-haze
    tcp 0 0 192.168.1.201:48450 64.233.183.100:80 ESTABLISHED 2680/google-chrome

    How can the port be shown as still open? What else can I do?
    Should I worry to begin with?
    Reply With Quote Reply With Quote
  2. 02-25-2010 #2
    Thrillhouse
    Thrillhouse is offline
    Linux Engineer Thrillhouse's Avatar
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    The surest way to block a port is with iptables. Post the output of:
    Code:
    /sbin/iptables -L
    Reply With Quote Reply With Quote
  3. 02-25-2010 #3
    czarcasm
    czarcasm is offline
    Just Joined!
    Join Date
    Jan 2010
    Posts
    3
    Quote Originally Posted by Thrillhouse View Post
    The surest way to block a port is with iptables. Post the output of:
    Code:
    /sbin/iptables -L
    Thats a big output so I'll just post what I think is relevant:


    Chain ufw-user-input (1 references)
    target prot opt source destination
    DROP tcp -- anywhere anywhere tcp dpt:telnet
    DROP udp -- anywhere anywhere udp dpt:23

    Thanks
    Reply With Quote Reply With Quote
  4. 02-25-2010 #4
    Thrillhouse
    Thrillhouse is offline
    Linux Engineer Thrillhouse's Avatar
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    It looks like you might have a custom firewall built. The "ufw-user-input" chain is not one that comes standard on any Linux distribution, I think.

    Whatever the case may be, try adding this rule:
    Code:
    iptables -I INPUT -p tcp --dport 23 -j DROP
    Reply With Quote Reply With Quote
  5. 02-25-2010 #5
    czarcasm
    czarcasm is offline
    Just Joined!
    Join Date
    Jan 2010
    Posts
    3
    What is telnet typically used for? If I remove it using: apt-get remove --purge telnetd

    Could I easily get it back if I ever need it?
    Reply With Quote Reply With Quote
  6. 02-25-2010 #6
    Thrillhouse
    Thrillhouse is offline
    Linux Engineer Thrillhouse's Avatar
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    Telnet used to be used for remote access but it's woefully insecure. The connection between two endpoints is unencrypted so anyone who wants to can see what you're sending/receiving (including password data if you're authenticating). The only real applicable use for telnet these days IMO is to check and see if ports are open ('telnet host x' will tell you if port x is open on 'host'). If you need remote access, use SSH instead.

    And yes, you can easily get it back if you uninstall it but uninstalling it does not mean the port will be closed (I've seen some package managers do this and some not).
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...