[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How do I disable (close) ports?

On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
> Hi,
> I disabled all but a few ports in /etc/services, but I have
> tcp        0      0 pa237.olsztyn.sdi.t:111

/etc/services does not enable or disable ports.  It is merely a database
mapping commonly used ports to names.  Nothing more.

> 25/tcp     open        smtp
> 37/tcp     open        time
> 66/tcp     open        sql*net
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 443/tcp    open        https
> 3306/tcp   open        mysql
> open. How can I close ports 111 and 859? They are not enabled in
> /etc/services

Well, port 111 used to be in /etc/services, before you deleted it.  But
as I said, that has no effect on anything.  You need to find out what
process is listening on that particular port, then figure out why it's
running.  If you've got fuser installed, try running 'fuser -n TCP 111'
to see what process is listening on port 111.  Or you can do something
like netstat -npl | egrep '\:111[[:space:]]'

You will discover that portmap is listening on port 111 and something
like rpc.statd is running on 859.  If you don't use NFS, you can disable
both of these.  /etc/init.d/nfs-common stop will shut rpc.statd down,
and 'find /etc/ -name S??nfs-common -exec rm -f {} \;' will prevent it
from starting on future system boots.

/etc/init.d/portmap stop will shutdown portmap.  'rm -rf
/etc/rcS.d/S41portmap' will stop it from starting on future reboots.

Note that the right hand column in nmap's output is *not* meant to tell
you what service is listening on that port.  It is only there to let you
know what service commonly listens on that port.  Some services listen
on dynamically chosen ports.  Are you sure you're runing https and


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpN4zYNwIcEL.pgp
Description: PGP signature

Reply to: