
Port question.


19 replies to this topic

#1 bwrighttwo

bwrighttwo

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:41 PM

Posted 09 August 2014 - 06:43 PM

Hello. I am running a live Debian disk on a machine I have had some issues with. Could someone tell me what should and should not be open and a general idea of what this means? When I run the network tool, here is what I get. Sorry if this data is not in the correct order. I am having copy and paste issues as well. Thanks for your time.

 

Network device:    lo
Hardware address:    Loopback
Multicast:    Disabled
MTU:    16436
Link speed:    not available
State:    Active
Transmitted packets:    8068
Transmission errors:    0
Received packets:    8068
Reception errors:    0
Collisions:    0

 

 

10.0.0.3

Port    State    Service
22/tcp    open    ssh
111/tcp    open    rpcbind

 

127.0.0.1

Port    State    Service
22/tcp    open    ssh
25/tcp    open    smtp
111/tcp    open    rpcbind
631/tcp    open    ipp
 

 

Network device:    eth0
Hardware address:    14:fe:b5:ae:d0:f2
Multicast:    Enabled
MTU:    1500
Link speed:    not available
State:    Active
Transmitted packets:    5934
Transmission errors:    0
Received packets:    4811
Reception errors:    0
Collisions:    0

 

 

10.0.0.1

Port    State    Service
22/tcp    closed    ssh
23/tcp    closed    telnet
80/tcp    open    http
443/tcp    open    https
1900/tcp    open    upnp
8080/tcp    closed    http-proxy

 

::1

Port    State    Service
22/tcp    open    ssh
25/tcp    open    smtp
111/tcp    open    rpcbind
631/tcp    open    ipp
 

 




#2 sflatechguy

sflatechguy

  • BC Advisor
  • 2,164 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:41 PM

Posted 09 August 2014 - 09:34 PM

Unless you plan on using telnet (and you probably shouldn't), close that port if you can. Telnet is unencrypted and therefore unsecure, so you never want to log in to something using it. There are other known vulnerabilities with it as well.

 

Some questionable ports I see are rpcbind on port 111. Unless you are running an NFS server, this doesn't need to be open.

Also Universal Plug and Play port 1900 -- unless you plan on doing a lot of gaming, messaging or plan on connecting to other devices on your network, you may not need this one open either. There are a number of known vulnerabilities with UPnP.

And http-proxy on port 8080. If you aren't running web services on this machine, you may want to close it as well.



#3 bwrighttwo


Posted 09 August 2014 - 10:45 PM

Thanks for your reply. I did do a search on these ports. I saw where there were some security issues with some of them. I posted this topic to be sure though. I really have no idea how to close them. I did not configure any of them to be there. I was running a Debian live disk when I ran the port scan. I have now downloaded a Mint distro. Not live anymore. I am going to see if I can figure out how to scan again.



#4 bwrighttwo


Posted 09 August 2014 - 10:55 PM

I just did a search on NFS server. Makes sense in regards to my problems.



#5 sflatechguy


Posted 09 August 2014 - 11:17 PM

Best way to close the ports is to stop the services associated with them.

 

You can do this by typing grep port # /etc/services, substituting the port number, at a command line. If you know whether the port is set to TCP or UDP, you can also type lsof -i TCP:port # or fuser port #/tcp. Substitute UDP for TCP if necessary.

 

Then, type in update-rc.d -f nameofservice remove to permanently disable the service from starting again.



#6 bwrighttwo


Posted 09 August 2014 - 11:19 PM

I will try this. I will let you know what happens. Thanks again.



#7 bwrighttwo


Posted 09 August 2014 - 11:23 PM

Here is what I got.

 

 

 

lsof: unacceptable port specification in: -i TCP:111/tcp
lsof 4.86
 latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
 latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
 latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
 usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Use the ``-h'' option to get more help information.



#8 sflatechguy


Posted 09 August 2014 - 11:28 PM

With lsof, just use -i TCP:port #, no need to add /tcp at the end.

If lsof is being cranky, try the fuser command, or grep the /etc/services file.



#9 bwrighttwo


Posted 09 August 2014 - 11:31 PM

I did the fuser option first to no avail. You may want to look at a topic I just started in the Linux forum.



#10 sflatechguy


Posted 09 August 2014 - 11:32 PM

Yeah, some distributions install fuser and some don't. Try man fuser at the command line. If there's no man page for fuser, it's not installed.



#11 bwrighttwo


Posted 09 August 2014 - 11:34 PM

Here is the link:

 

 

http://www.bleepingcomputer.com/forums/t/543899/there-is-another-synaptic-running-in-interactive-mode/



#12 bigrobifer

bigrobifer

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:11:41 AM

Posted 10 August 2014 - 08:01 AM

You should keep the smtp port closed also.



#13 sflatechguy


Posted 10 August 2014 - 12:45 PM

If he plans on using email, he should keep the Simple Mail Transfer Protocol port open.

 

You may want to use dpkg to repair your apt-get installation.

http://community.linuxmint.com/tutorial/view/1433



#14 bwrighttwo


Posted 10 August 2014 - 11:50 PM

This is a portscan of the same machine in my first post. I have now downloaded Linux Mint. The original post is a log when I was running a Live Debian disk. This machine will not let me install Debian (wheezy). I do not remember why, but it just stalls and gives some error about halfway through the install process. When you look at these, keep in mind I should not have anything related to Windows as I wiped it with Dban. At least I went through the process.

 

 

 

ham-Dell-System-Inspiron-N4110 ham #  netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      934/smbd        
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1757/dnsmasq    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1045/cupsd      
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      934/smbd        
tcp6       0      0 :::139                  :::*                    LISTEN      934/smbd        
tcp6       0      0 ::1:631                 :::*                    LISTEN      1045/cupsd      
tcp6       0      0 :::445                  :::*                    LISTEN      934/smbd        
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1028/avahi-daemon:
udp        0      0 0.0.0.0:55614           0.0.0.0:*                           1028/avahi-daemon:
udp        0      0 127.0.1.1:53            0.0.0.0:*                           1757/dnsmasq    
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3050/dhclient   
udp        0      0 0.0.0.0:53382           0.0.0.0:*                           3050/dhclient   
udp        0      0 10.0.0.255:137          0.0.0.0:*                           1967/nmbd       
udp        0      0 10.0.0.3:137            0.0.0.0:*                           1967/nmbd       
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1967/nmbd       
udp        0      0 10.0.0.255:138          0.0.0.0:*                           1967/nmbd       
udp        0      0 10.0.0.3:138            0.0.0.0:*                           1967/nmbd       
udp        0      0 0.0.0.0:138             0.0.0.0:*                           1967/nmbd       
udp6       0      0 :::5353                 :::*                                1028/avahi-daemon:
udp6       0      0 :::42898                :::*                                1028/avahi-daemon:
udp6       0      0 :::7082                 :::*                                3050/dhclient  



#15 sflatechguy


Posted 11 August 2014 - 01:24 AM

smbd and nmbd protocols are used by Samba servers. So unless you plan on setting up a local domain with multiple clients connecting to a central server, you don't need those services running.

 

dhclient and dnsmasq you'll need to connect to your local router and the Internet -- dhclient is the client side of DHCP. cupsd is the printer daemon. You'll need all those services.

 

avahi-daemon discovers network resources and facilitates file and print sharing. Some advocate turning it off if you aren't on a network, but it has some useful features even for standalone machines. Bear in mind, it's not simple to disable -- you have to go in and edit the configuration file to do that.

 

Hope all that helps.
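
Added example (not part of any poster's reply): a shell sketch that reads `netstat -plunt` output like the listing in post #14 and separates sockets bound to loopback, which only the machine itself can reach, from sockets bound to all interfaces or a LAN address. The function names `sample_netstat`, `classify_listeners` and `exposed_programs` are hypothetical; the sample rows are copied from that post.

```sh
#!/bin/sh
# Rows copied from the `netstat -plunt` output in post #14 (a subset, for offline use).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      934/smbd
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1757/dnsmasq
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1045/cupsd
tcp6       0      0 :::445                  :::*                    LISTEN      934/smbd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1045/cupsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1028/avahi-daemon:
udp        0      0 10.0.0.3:137            0.0.0.0:*                           1967/nmbd
EOF
}

# Read `netstat -plunt` text on stdin; print "scope proto port program" per socket.
# scope is "local" for loopback binds (127.0.0.0/8, ::1), which other hosts cannot
# reach, and "network" for wildcard (0.0.0.0, ::) or interface-address binds.
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      n = split($4, part, ":")            # port is the text after the last colon
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      prog = ($6 == "LISTEN") ? $7 : $6   # UDP rows have an empty State column
      sub(/^[0-9]+\//, "", prog)          # drop the "PID/" prefix
      sub(/:$/, "", prog)                 # drop a trailing colon, as in "avahi-daemon:"
      scope = (addr ~ /^127\./ || addr == "::1") ? "local" : "network"
      print scope, $1, port, prog
    }'
}

# Unique program names that hold at least one network-reachable socket.
exposed_programs() {
  classify_listeners | awk '$1 == "network" { print $4 }' | LC_ALL=C sort -u
}

# On a live system, run as root: netstat -plunt | classify_listeners
sample_netstat | classify_listeners
echo "Reachable from the network:"
sample_netstat | exposed_programs
```

On the sample rows, cupsd and dnsmasq come out as local only, while smbd, nmbd and avahi-daemon are the ones other hosts on the LAN can reach.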





