Re: closing open ports
On Sun, Apr 29, 2001 at 04:20:14PM -0300, Rogerio Bastos wrote:
>
> Another useful thing to do when the port you want to close is not listed on
> /etc/services and you don't have a clue of what service is bound to that
> port is to run (as root) fuser -a -n proto port, where proto may be tcp, udp
> or file. For example, if you are serving http with apache at port 80:
>
> # fuser -a -n tcp 80
>
> It will return the pid(s) that apache is using.

lsof can also be used in a similar manner.

# lsof -i :80

-B
-- 
Brandon High [EMAIL PROTECTED]
War is Peace. Slavery is Freedom. AOL is the Internet.
Re: closing open ports
On Sunday 29 April 2001 05:13, Michael Earls wrote:
> What file do i need to edit to close open ports,
>
> ex, port 111 /tcp sunrpc
> 515/ tcp printer
> 2000/ tcp callback
>

Another useful thing to do when the port you want to close is not listed on
/etc/services and you don't have a clue of what service is bound to that port
is to run (as root) fuser -a -n proto port, where proto may be tcp, udp or
file. For example, if you are serving http with apache at port 80:

# fuser -a -n tcp 80

It will return the pid(s) that apache is using.

-- 
echo "[EMAIL PROTECTED]" | tr -d A-Z
"...one ring to rule them all... ...one ring to find them...
...one ring to bring them all and in the darkness bind them..."
Re: closing open ports
On Sun, Apr 29, 2001 at 11:38:25AM -0700, Michael Earls wrote:
> That was great info, but I do not need to masq any IPs, I just need to
> limit the ports being open. I have edited inetd.conf, but there were some
> ports not listed in there. Here is a port scan on my box:
>
> [EMAIL PROTECTED] mearls]# nmap -sS -sU vermeer
>
> Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
> Interesting ports on vermeer.michaelearls.com (207.86.78.22):
> (The 3092 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 69/udp     filtered    tftp
> 80/tcp     open        http
> 111/tcp    open        sunrpc
> 111/udp    open        sunrpc
> 138/udp    open        netbios-dgm
> 515/tcp    open        printer
> 517/udp    open        talk
> 1024/tcp   open        kdm
> 1025/udp   open        blackjack
> 1026/udp   open        unknown
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 1709 seconds
>
> From port 111 to 1026, I only need the first ones open. Does your ipchains
> script do that without trying to masq, or what do I need to change to fix
> that?

Yes, you can filter without masq, and you should in your situation, but you
should also learn what services your box is running and how to shut them
down. You have a web server, portmap, etc. running. If you aren't using those
at this time there really isn't a reason to run them. I sent either you or
another person on the list instructions on how to do so using portmap as an
example. You can do the same thing with many other services. If you didn't
see my post, or didn't understand it, or I messed up somewhere, post back and
let me know.

kent
-- 
From seeing and seeing the seeing has become so exhausted
First line of "The Panther" - R. M. Rilke
Re: closing open ports
On Sun, Apr 29, 2001, Michael Earls wrote:
> That was great info, but I do not need to masq any IPs, I just need to
> limit the ports being open. I have edited inetd.conf, but there were some
> ports not listed in there. Here is a port scan on my box:
>

Mike,

Hi. I just joined the thread so I can't comment on much, but make sure you're
not running portsentry (or understand better its implications), since it will
bind to many of your ports to track attempted connects (in other words, you
might actually be seeing portsentry and not the listed services on those
ports).

Hope I haven't missed something else joining this thread now, and, if so,
please accept my apologies.

Hope this helps and take care,

Daniel
-- 
Daniel A. Freedman
Laboratory for Atomic and Solid State Physics
Department of Physics
Cornell University
RE: closing open ports
That was great info, but I do not need to masq any IPs, I just need to limit
the ports being open. I have edited inetd.conf, but there were some ports not
listed in there. Here is a port scan on my box:

[EMAIL PROTECTED] mearls]# nmap -sS -sU vermeer

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on vermeer.michaelearls.com (207.86.78.22):
(The 3092 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
69/udp     filtered    tftp
80/tcp     open        http
111/tcp    open        sunrpc
111/udp    open        sunrpc
138/udp    open        netbios-dgm
515/tcp    open        printer
517/udp    open        talk
1024/tcp   open        kdm
1025/udp   open        blackjack
1026/udp   open        unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 1709 seconds

From port 111 to 1026, I only need the first ones open. Does your ipchains
script do that without trying to masq, or what do I need to change to fix
that?

Thanks for your time
michael

-----Original Message-----
From: Osamu Aoki [mailto:[EMAIL PROTECTED] Behalf Of Osamu Aoki
Sent: Sunday, April 29, 2001 2:05 AM
To: Michael Earls
Cc: debian-user@lists.debian.org
Subject: Re: closing open ports

On Sun, Apr 29, 2001 at 01:38:33AM -0700, Michael Earls wrote:
> What is a good starting point / reference point on ipchains? I have it
> installed but not configured. Is there a file that I can edit for ipchains?
>
> I only need 21 ftp 22 ssh 25 smtp 80 http

You may want to open auth too.

Closing services can be done by /etc/inetd and update-rc.d, but for your
purpose installing an ipchains-based firewall may be better. If this is a
gateway machine, you want to install the ipmasq package.

To close services by ipchains, follow http://bugs.debian.org/87499
The script attached is actually for potato ipmasq.

My quick reference site has the same info.

-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <[EMAIL PROTECTED]>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://www.aokiconsulting.com/quick/ +
Re: closing open ports
On Sun, Apr 29, 2001 at 01:38:33AM -0700, Michael Earls wrote:
> What is a good starting point / reference point on ipchains? I have it
> installed but not configured. Is there a file that I can edit for ipchains?
>
> I only need 21 ftp 22 ssh 25 smtp 80 http

You may want to open auth too.

Closing services can be done by /etc/inetd and update-rc.d, but for your
purpose installing an ipchains-based firewall may be better. If this is a
gateway machine, you want to install the ipmasq package.

To close services by ipchains, follow http://bugs.debian.org/87499
The script attached is actually for potato ipmasq.

My quick reference site has the same info.

-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki <[EMAIL PROTECTED]>, GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://www.aokiconsulting.com/quick/ +
RE: closing open ports
What is a good starting point / reference point on ipchains? I have it
installed but not configured. Is there a file that I can edit for ipchains?

I only need 21 ftp 22 ssh 25 smtp 80 http

What would be a good script for that?

thanks again
michael

-----Original Message-----
From: Brandon High [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 28, 2001 10:21 PM
To: Michael Earls
Cc: debian-user@lists.debian.org
Subject: Re: closing open ports

On Sun, Apr 29, 2001 at 01:13:07AM -0700, Michael Earls wrote:
> What file do i need to edit to close open ports,
>
> ex, port 111 /tcp sunrpc
> 515/ tcp printer
> 2000/ tcp callback

Install and configure ipchains. There are various firewall packages that you
can configure on top of ipchains as well to provide more monitoring.

Ideally have minimal ports open. My gateway box has only 5 ports open for
misc services such as http and ssh.

-B
-- 
Brandon High [EMAIL PROTECTED]
If you lend someone $20, and never see that person again; it was probably
worth it.
Re: closing open ports
On Sun, Apr 29, 2001 at 01:13:07AM -0700, Michael Earls wrote:
> What file do i need to edit to close open ports,
>
> ex, port 111 /tcp sunrpc
> 515/ tcp printer
> 2000/ tcp callback
>

Also comment out everything you don't need in -

/etc/inetd.conf

and run -

# /etc/init.d/inetd restart

kent
-- 
From seeing and seeing the seeing has become so exhausted
First line of "The Panther" - R. M. Rilke
Re: closing open ports
On Sun, Apr 29, 2001 at 01:13:07AM -0700, Michael Earls wrote:
> What file do i need to edit to close open ports,
>
> ex, port 111 /tcp sunrpc
> 515/ tcp printer
> 2000/ tcp callback

Run the command -

# lsof | grep LISTEN

This is another option -

$ less /etc/services | grep 111
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper      # RPC 4.0 portmapper UDP
kx              2111/tcp                        # X over Kerberos

As you can see it's portmap. Kill the running process and -

# update-rc.d -f portmap remove

Take a look at the man pages "lsof" and "update-rc.d" for more detail.

hth,
kent
-- 
From seeing and seeing the seeing has become so exhausted
First line of "The Panther" - R. M. Rilke
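An added example, not from any post in this thread: a POSIX sh script that answers the same "what is listening, and which of it should go" question as the fuser -a -n tcp / lsof -i :80 and lsof | grep LISTEN commands above, but by reading /proc/net/tcp directly, so it also works on a box where lsof is not installed. The sample table, the allowlist of 21/22/25/80 and the function names are my own constructions based on the scan quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: list LISTEN sockets straight from
# /proc/net/tcp (what netstat/lsof read), report those outside an allowlist,
# and map a socket inode to its PID the way fuser -n tcp does.

# Constructed /proc/net/tcp sample mirroring the quoted scan: 21, 22, 25, 80,
# 111, 515, 1024 are LISTEN (st 0A); the last row is ESTABLISHED (st 01).
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0
   2: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0
   3: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004 1 0
   4: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1005 1 0
   5: 00000000:0203 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1006 1 0
   6: 00000000:0400 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1007 1 0
   7: 164E56CF:0016 0100000A:C3A1 01 00000000:00000000 00:00000000 00000000     0        0 1008 1 0'

# listening_ports: read a /proc/net/tcp table on stdin and print "port inode"
# for every socket in state 0A (LISTEN). The port is hex after ':' in column 2.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2], $10 }' |
    while read -r hexport inode; do
        printf '%d %s\n' "$((0x$hexport))" "$inode"
    done
}

# ports_to_close ALLOWLIST: listening ports (table on stdin) that are not in
# the space-separated ALLOWLIST, numerically sorted, one per line.
ports_to_close() {
    allow=" $1 "
    listening_ports | while read -r port inode; do
        case "$allow" in
            *" $port "*) ;;            # wanted, keep it
            *) echo "$port" ;;         # not wanted: candidate to shut down
        esac
    done | sort -n | uniq
}

# pid_for_inode INODE: scan /proc/*/fd for the socket inode (root is needed to
# see other users' processes) and print the owning PID(s), like fuser -n tcp.
pid_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ]; then
            pid=${fd#/proc/}
            echo "${pid%%/*}"
        fi
    done
}
# On the live box:  ports_to_close "21 22 25 80" < /proc/net/tcp
printf '%s\n' "$SAMPLE_TCP" | ports_to_close "21 22 25 80"
```

Feed each inode from listening_ports to pid_for_inode to get the PID to stop, then disable its init script with update-rc.d as kent describes.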
Re: closing open ports
On Sun, Apr 29, 2001 at 01:13:07AM -0700, Michael Earls wrote:
> What file do i need to edit to close open ports,
>
> ex, port 111 /tcp sunrpc
> 515/ tcp printer
> 2000/ tcp callback

Install and configure ipchains. There are various firewall packages that you
can configure on top of ipchains as well to provide more monitoring.

Ideally have minimal ports open. My gateway box has only 5 ports open for
misc services such as http and ssh.

-B
-- 
Brandon High [EMAIL PROTECTED]
If you lend someone $20, and never see that person again; it was probably
worth it.