Results 1 to 6 of 6

Thread: can't close my two open ports

  1. #1
    Join Date
    Jan 2007
    Beans
    15

    can't close my two open ports

    I am new to linux security and have been doing some reading to fortify my linux box. Using nmap I found i have only two open ports of the 65535 ports i scanned. I want to disable them, but can't find them in the services list or even by using sysvconfig. The first service is H.323/Q.931. Some Googeling told me that this service is used for VOIP which I don't have a use for. How do I disable this service thereby closing this port?

    The second service is iss-realsecure-sensor. I can't find much useful info on this service, and i can't find it listed anywhere for me to disable in sysvconfig. Can you tell me what this service is, and how to disable it if i so choose?

    any help you can offer would be greatly appreciated.

  2. #2
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: can't close my two open ports

    Are you scanning your computer, or your router? You can check what ports your computer is listening on with this command
    Code:
    netstat -tln

  3. #3
    Join Date
    Jan 2007
    Beans
    15

    Re: can't close my two open ports

    I scanned my computer's IP with nmap from another computer within my network. There is no router between them. Unless i missed it, netstat doesn't tell me what services are using the open ports. The two services i listed are keeping two ports open. I just need to know how to disable them since i can't find them listed in the services list.

  4. #4
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: can't close my two open ports

    I was just making sure you were scanning correctly. I figured since you don't seem to remember installing voip software, and many routers have built-in voip functionality, you must have been scanning your router. However, if that is not the case, this command should indicate what process is listening on that port.
    Code:
    sudo lsof -i :22
    Replace 22 with the appropriate port number.

    My computer gives me this output
    Code:
    COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
    sshd    5899 root    3u  IPv6  14081       TCP *:22 (LISTEN)
    which shows sshd is listening on port 22. A search of my installed packages shows which package installed that service.
    Code:
    cdenley@ubuntu:~$ dpkg-query -S sshd
    openssh-server: /usr/sbin/sshd
    openssh-server: /usr/share/man/man8/sshd.8.gz
    openssh-server: /var/run/sshd
    openssh-server: /etc/pam.d/sshd
    openssh-server: /usr/share/man/man5/sshd_config.5.gz
    If I don't want that server anymore, I can remove it
    Code:
    sudo apt-get remove openssh-server

  5. #5
    Join Date
    Feb 2007
    Location
    /dev/random
    Beans
    671
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: can't close my two open ports

    Hi,

    netstat is your friend:
    Code:
    sudo netstat -tulnp
    will give you TCP, UDP and PID/Program name.
    Main system: Dell 1420n - C2D T5250, 4GB RAM, 120GB SATA. Ubuntu 8.04.3.
    Assorted VMs (via VBox). Favorites: Fedora, FreeBSD, Solaris.

  6. #6
    Join Date
    Jan 2007
    Beans
    15

    Re: can't close my two open ports

    wonderful! exactly what i was looking for! Thank you both. I've learned to love the openness and customability of linux for the past year or so that I have been working with it. With linux security, i'm really learning both networking and linux security at the same time.. there is so much to learn.. but I like computers and there is no way I am going back to windows.. Once microsoft drops support for XP, my wife will be converting to Linux also, though she does not know this yet Anyway, thanks for your help!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •