PDA

View Full Version : [ubuntu] can't close my two open ports



zornan
May 27th, 2008, 03:41 AM
I am new to linux security and have been doing some reading to fortify my linux box. Using nmap I found i have only two open ports of the 65535 ports i scanned. I want to disable them, but can't find them in the services list or even by using sysvconfig. The first service is H.323/Q.931. Some Googeling told me that this service is used for VOIP which I don't have a use for. How do I disable this service thereby closing this port?

The second service is iss-realsecure-sensor. I can't find much useful info on this service, and i can't find it listed anywhere for me to disable in sysvconfig. Can you tell me what this service is, and how to disable it if i so choose?

any help you can offer would be greatly appreciated.

cdenley
May 27th, 2008, 01:42 PM
Are you scanning your computer, or your router? You can check what ports your computer is listening on with this command


netstat -tln

zornan
May 27th, 2008, 05:00 PM
I scanned my computer's IP with nmap from another computer within my network. There is no router between them. Unless i missed it, netstat doesn't tell me what services are using the open ports. The two services i listed are keeping two ports open. I just need to know how to disable them since i can't find them listed in the services list.

cdenley
May 27th, 2008, 05:35 PM
I was just making sure you were scanning correctly. I figured since you don't seem to remember installing voip software, and many routers have built-in voip functionality, you must have been scanning your router. However, if that is not the case, this command should indicate what process is listening on that port.


sudo lsof -i :22

Replace 22 with the appropriate port number.

My computer gives me this output


COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 5899 root 3u IPv6 14081 TCP *:22 (LISTEN)

which shows sshd is listening on port 22. A search of my installed packages shows which package installed that service.


cdenley@ubuntu:~$ dpkg-query -S sshd
openssh-server: /usr/sbin/sshd
openssh-server: /usr/share/man/man8/sshd.8.gz
openssh-server: /var/run/sshd
openssh-server: /etc/pam.d/sshd
openssh-server: /usr/share/man/man5/sshd_config.5.gz

If I don't want that server anymore, I can remove it


sudo apt-get remove openssh-server

niteshifter
May 27th, 2008, 05:39 PM
Hi,

netstat is your friend:

sudo netstat -tulnp

will give you TCP, UDP and PID/Program name.

zornan
May 27th, 2008, 06:08 PM
wonderful! exactly what i was looking for! Thank you both. I've learned to love the openness and customability of linux for the past year or so that I have been working with it. With linux security, i'm really learning both networking and linux security at the same time.. there is so much to learn.. but I like computers and there is no way I am going back to windows.. Once microsoft drops support for XP, my wife will be converting to Linux also, though she does not know this yet ;) Anyway, thanks for your help!