Re: [expert] Hoto close some ports...
Ok.. Thank you!
I will try to use your recommendations.
Bests ArMan.

----- Original Message -----
From: "Gregor Maier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 10, 2001 2:05 PM
Subject: Re: [expert] Hoto close some ports...

>
> On 10-Jul-2001 civileme wrote:
> > On Tuesday 10 July 2001 09:25, Arman Khalatyan wrote:
> >> Hello!
> >> Howto close some ports...
> >> I have Mandrake 7.2 with 2.4.1 kernel.
> >> #
> >> [arm2arm@icas> arm2arm]$ nmap localhost
> >> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> >> Interesting ports on localhost.localdomain (127.0.0.1):
> >> (The 1514 ports scanned but not shown below are in state: closed)
> >> Port       State       Service
> >> 21/tcp     open        ftp
> >> 23/tcp     open        telnet
> >> 25/tcp     open        smtp
> >> 110/tcp    open        pop-3
> >> 113/tcp    open        auth    <-- I want to close this one
> >> 443/tcp    open        https
> >> 513/tcp    open        login
> >> 1024/tcp   open        kdm     <-- I want to close this one
> >> 6000/tcp   open        X11     <-- I want to close this one
> >> ##
> >> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
> >>
> >> Bests ArMan.
> >
> > Would you settle for filtered?
> >
> > Closing the ports means the server is not running. Stop kdm and you won't be
> > logging in to graphics window managers; stop X and you won't have any
> > graphics system, and stop auth and you won't be able to login.
> >
> > iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 6000 DROP
> > iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 113 DROP
> > iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 1024 DROP
>
> that should be -j DROP and not just DROP (perhaps it will still work but the
> correct syntax is -j)
> there's a nice howto on iptables and packet filtering at
> netfilter.filewatcher.org or look at the ipchains howto at linuxdocs.org (which
> can give you additional hints on packet filtering)
>
> > Those are fairly strict rules--ssh logins will not be possible externally, nor
> > will exports through xhost (where your screen appears on some other
> > computer).
> >
> > Now you have a problem. 72 does not have iptables, but that is what kernel
> > 2.4 uses. I am unsure how to activate ipchains for kernel 2.4, and I think
> > you would be well-advised to seek out and compile the tarballs or source rpms
> > for iptables since the 8.0 mandrake cannot supply the binaries.
> >
> there's a module ipchains in kernel 2.4 which will enable use of the ipchains
> command (you could still use ipfwadm with the ipfwadm module...)
>
> --
> E-Mail: Gregor Maier <[EMAIL PROTECTED]>
> Date: 10-Jul-2001
> Time: 11:57:06
> --
>
Re: [expert] Hoto close some ports...
On 10-Jul-2001 civileme wrote:
> On Tuesday 10 July 2001 09:25, Arman Khalatyan wrote:
>> Hello!
>> Howto close some ports...
>> I have Mandrake 7.2 with 2.4.1 kernel.
>> #
>> [arm2arm@icas> arm2arm]$ nmap localhost
>> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
>> Interesting ports on localhost.localdomain (127.0.0.1):
>> (The 1514 ports scanned but not shown below are in state: closed)
>> Port       State       Service
>> 21/tcp     open        ftp
>> 23/tcp     open        telnet
>> 25/tcp     open        smtp
>> 110/tcp    open        pop-3
>> 113/tcp    open        auth    <-- I want to close this one
>> 443/tcp    open        https
>> 513/tcp    open        login
>> 1024/tcp   open        kdm     <-- I want to close this one
>> 6000/tcp   open        X11     <-- I want to close this one
>> ##
>> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>>
>> Bests ArMan.
>
> Would you settle for filtered?
>
> Closing the ports means the server is not running. Stop kdm and you won't be
> logging in to graphics window managers; stop X and you won't have any
> graphics system, and stop auth and you won't be able to login.
>
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 6000 DROP
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 113 DROP
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 1024 DROP

that should be -j DROP and not just DROP (perhaps it will still work but the
correct syntax is -j)
there's a nice howto on iptables and packet filtering at
netfilter.filewatcher.org or look at the ipchains howto at linuxdocs.org (which
can give you additional hints on packet filtering)

> Those are fairly strict rules--ssh logins will not be possible externally, nor
> will exports through xhost (where your screen appears on some other
> computer).
>
> Now you have a problem. 72 does not have iptables, but that is what kernel
> 2.4 uses. I am unsure how to activate ipchains for kernel 2.4, and I think
> you would be well-advised to seek out and compile the tarballs or source rpms
> for iptables since the 8.0 mandrake cannot supply the binaries.
>

there's a module ipchains in kernel 2.4 which will enable use of the ipchains
command (you could still use ipfwadm with the ipfwadm module...)

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 10-Jul-2001
Time: 11:57:06
--
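The three rules quoted above with the -j target that the reply asks for, as an added example that is not part of the original thread. The chain-then-position order (-I INPUT 1) and the "! -s" placement follow current iptables syntax; the IPTABLES variable and the function name are hypothetical, and by default the commands are only printed.

```shell
#!/bin/sh
# Added example: drop TCP traffic to the given ports unless its source
# address is 127.0.0.1, using "-j DROP" as the jump target.
# IPTABLES is a hypothetical override; the default only prints the commands.
IPTABLES="${IPTABLES:-echo iptables}"

# drop_remote_tcp PORT...
# Inserts one rule per port at position 1 of the filter table's INPUT chain.
drop_remote_tcp() {
    for port in "$@"; do
        # Accept decimal port numbers only; service names are rejected here.
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2
            return 1
        }
        # -I INPUT 1 : chain name first, then the position in the chain
        # ! -s ADDR  : negation goes before the option in current iptables
        # -j DROP    : the target must be introduced with -j
        $IPTABLES -t filter -I INPUT 1 -p tcp ! -s 127.0.0.1 \
            --dport "$port" -j DROP
    done
}

# The three ports from the thread: X11, auth and kdm.
drop_remote_tcp 6000 113 1024
```

Run with IPTABLES=iptables as root to apply the rules instead of printing them. Connections the machine makes to its own non-loopback address do not carry the source 127.0.0.1, so matching on the loopback interface with "! -i lo" instead of the source address keeps those working.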
Re: [expert] Hoto close some ports...
* Stardate: 2001-07-10 13:25
* Incoming subspace signal from "Arman Khalatyan <[EMAIL PROTECTED]>" :

> Hello!
> Howto close some ports...
> I have Mandrake 7.2 with 2.4.1 kernel.
> #
> [arm2arm@icas> arm2arm]$ nmap localhost
> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 1514 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 23/tcp     open        telnet
> 25/tcp     open        smtp
> 110/tcp    open        pop-3
> 113/tcp    open        auth    <-- I want to close this one
> 443/tcp    open        https
> 513/tcp    open        login
> 1024/tcp   open        kdm     <-- I want to close this one
> 6000/tcp   open        X11     <-- I want to close this one
> ##
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
> Bests ArMan.

If you close those ports you might end up with a non-functional system.
The dangerous open ports are telnet and ftp. If you do not need a telnet
or ftp server, deinstall them or comment them out in /etc/(x)inetd.conf.
If you need a telnet server, replace it by sshd.

--
Best regards, M@X.
* Climate Control Psychedelic Soundscapes - http://go.to/cchq/
* Linux Shell Scripts & RPM Software Packages - http://go.to/conmen/
RE: [expert] Hoto close some ports...
On 10-Jul-2001 Arman Khalatyan wrote:
> Hello!
> Howto close some ports...
> I have Mandrake 7.2 with 2.4.1 kernel.
> #
> [arm2arm@icas> arm2arm]$ nmap localhost
> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 1514 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 23/tcp     open        telnet
> 25/tcp     open        smtp
> 110/tcp    open        pop-3
> 113/tcp    open        auth    <-- I want to close this one
> 443/tcp    open        https
> 513/tcp    open        login
> 1024/tcp   open        kdm     <-- I want to close this one
> 6000/tcp   open        X11     <-- I want to close this one
> ##
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>

port 6000 is needed if you want to use X-Window, probably the same with kdm but
I don't know. If you do block them from machines other than yours you'll have to
set up some basic firewall rules.

What to do:
run a "netstat -ap | grep LISTEN". This will show all ports which are open (where
the kernel listens for connections) and it will also show you which process is
listening there.
If the process is xinetd, this port is served by the super server. Go to the
/etc/xinetd.d directory and edit the matching file (should be called auth or
something alike). Add a line
disable=yes
to it and reload the xinetd server's config files (/etc/init.d/xinetd reload)
If the owner is a different process use linuxconf to disable this process (system
services part of linuxconf).

As I mentioned above another possibility would be a firewall using iptables (for
2.4 kernels) - have a look at netfilter.filewatcher.org for a HOWTO on iptables
and packet-filtering

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 10-Jul-2001
Time: 10:28:34
--
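The check described in the message above, as an added example that is not part of the original thread: it reads "netstat -ap" output and sorts each listening TCP port by whether xinetd or a standalone process owns it, which decides where the service gets switched off. The netstat lines are constructed sample data in the net-tools column layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets from `netstat -ap` output.

# Constructed sample input (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address  State       PID/Program name
tcp        0      0 *:ftp           *:*              LISTEN      612/xinetd
tcp        0      0 *:auth          *:*              LISTEN      612/xinetd
tcp        0      0 *:1024          *:*              LISTEN      880/kdm
tcp        0      0 *:x11           *:*              LISTEN      901/X
tcp        0      0 *:smtp          *:*              LISTEN      -
tcp        0      0 host:1033       peer:ssh         ESTABLISHED 950/ssh
unix  2      [ ACC ]     STREAM     LISTENING     1201   901/X   /tmp/.X11-unix/X0
EOF
}

# Reads netstat output on stdin and prints "port owner handling" for each
# TCP listener. Established connections and unix sockets are skipped.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, addr, ":")       # port is the last colon-separated part
        port = addr[n]
        owner = $7
        sub(/^[0-9]+\//, "", owner)    # "612/xinetd" -> "xinetd"
        if (owner == "-" || owner == "")
            how = "unknown-owner"      # netstat could not see the process
        else if (owner == "xinetd")
            how = "xinetd"             # disable=yes in /etc/xinetd.d, then reload
        else
            how = "standalone"         # stop or disable that service itself
        print port, owner, how
    }'
}

sample_netstat | classify_listeners
```

On a live system, pipe "netstat -ap" into classify_listeners as root; without root, sockets owned by other users show "-" in the owner column and come out as unknown-owner.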