View Full Version : [ubuntu] can't close my two open ports
May 27th, 2008, 03:41 AM
I am new to linux security and have been doing some reading to fortify my linux box. Using nmap I found i have only two open ports of the 65535 ports i scanned. I want to disable them, but can't find them in the services list or even by using sysvconfig. The first service is H.323/Q.931. Some Googeling told me that this service is used for VOIP which I don't have a use for. How do I disable this service thereby closing this port?
The second service is iss-realsecure-sensor. I can't find much useful info on this service, and i can't find it listed anywhere for me to disable in sysvconfig. Can you tell me what this service is, and how to disable it if i so choose?
any help you can offer would be greatly appreciated.
May 27th, 2008, 01:42 PM
Are you scanning your computer, or your router? You can check what ports your computer is listening on with this command
May 27th, 2008, 05:00 PM
I scanned my computer's IP with nmap from another computer within my network. There is no router between them. Unless i missed it, netstat doesn't tell me what services are using the open ports. The two services i listed are keeping two ports open. I just need to know how to disable them since i can't find them listed in the services list.
May 27th, 2008, 05:35 PM
I was just making sure you were scanning correctly. I figured since you don't seem to remember installing voip software, and many routers have built-in voip functionality, you must have been scanning your router. However, if that is not the case, this command should indicate what process is listening on that port.
sudo lsof -i :22
Replace 22 with the appropriate port number.
My computer gives me this output
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 5899 root 3u IPv6 14081 TCP *:22 (LISTEN)
which shows sshd is listening on port 22. A search of my installed packages shows which package installed that service.
cdenley@ubuntu:~$ dpkg-query -S sshd
If I don't want that server anymore, I can remove it
sudo apt-get remove openssh-server
May 27th, 2008, 05:39 PM
netstat is your friend:
sudo netstat -tulnp
will give you TCP, UDP and PID/Program name.
May 27th, 2008, 06:08 PM
wonderful! exactly what i was looking for! Thank you both. I've learned to love the openness and customability of linux for the past year or so that I have been working with it. With linux security, i'm really learning both networking and linux security at the same time.. there is so much to learn.. but I like computers and there is no way I am going back to windows.. Once microsoft drops support for XP, my wife will be converting to Linux also, though she does not know this yet ;) Anyway, thanks for your help!
Powered by vBulletin® Version 4.2.2 Copyright © 2015 vBulletin Solutions, Inc. All rights reserved.