Re: What services are using these ports?
I wrote up some notes on how to disable inetd stuff. You might find them
useful.
how to disable inetd services on a debian box:
first, figure out which services are running.
to do this, you will need nmap:
# apt-get install nmap
and now:
$ nmap localhost
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on seele (127.0.0.1):
(The 1593 ports scanned but not shown below are in state: closed)
Port State Service
37/tcp open time
now figure out what they do:
search google for "time port 37 rfc", and decide if you need it.
if you don't need it:
# update-inetd --disable time
run nmap again to verify it is disabled.
if you need it again later:
# update-inetd --enable time
if you forgot which services you have disabled:
$ cat /etc/inetd.conf | grep \<off\>
but what if you have "unknown" services?
$ nmap localhost
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on seele (127.0.0.1):
(The 1594 ports scanned but not shown below are in state: closed)
Port State Service
842/tcp open unknown
services reported as "unknown" are not controlled by inetd, that is,
they are standalone servers.
you can use netstat to figure out what server is associated with that port:
(if you don't have netstat, try apt-get install net-tools)
$ netstat -lp --inet
Active Internet connections (only servers)
Proto Local Address State PID/Program name
tcp *:842 LISTEN 236/rpc.statd
so we see that tcp port 842 belongs to rpc.statd.
note how it lists its PID (236), which means it is a standalone server.
to lock down standalone servers, either disable the server
(ie, cd /etc/init.d; update-rc.d -f nfs-kernel-server remove), or use a
firewall to block certain connections (like ipchains or iptables).
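Added example, not part of the original message: a POSIX shell sketch of the two checks the notes walk through, listing which inetd.conf entries are enabled or disabled and sorting `netstat -lp --inet` listeners into inetd-owned and standalone. The function names and sample inputs are constructed for illustration; it assumes the `#<off>#` marker that the grep in the notes looks for and the full column layout printed by net-tools netstat.

```shell
#!/bin/sh
# Added example. The sample inputs below are constructed, not from a real host.

# Report each service in inetd.conf-format text on stdin as enabled/disabled.
# Assumption: disabled entries carry the "#<off>#" prefix grepped for above.
inetd_services() {
    awk '
        /^#<off>#/     { sub(/^#<off>#[ \t]*/, ""); print $1 "/" $3, "disabled"; next }
        /^[ \t]*(#|$)/ { next }                  # plain comments, blank lines
                       { print $1 "/" $3, "enabled" }
    '
}

# Classify listeners from full `netstat -lp --inet` output on stdin.
# Prints: proto port program kind
classify_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }              # skip header lines
        {
            n = split($4, addr, ":"); port = addr[n]
            prog = $NF; sub(/^[0-9]+\//, "", prog)
            if (prog == "-")          kind = "owner-hidden"   # not run as root
            else if (prog ~ /inetd$/) kind = "inetd"
            else                      kind = "standalone"
            print $1, port, prog, kind
        }
    '
}

sample_inetd_conf() {   # constructed
    cat <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
#<off># time     stream tcp nowait root internal
daytime          stream tcp nowait root internal
EOF
}

sample_netstat() {      # constructed
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 *:37            *:*             LISTEN  201/inetd
tcp        0      0 *:842           *:*             LISTEN  236/rpc.statd
EOF
}

sample_inetd_conf | inetd_services
sample_netstat | classify_listeners
```

On a live box, feed it real data as root: `inetd_services < /etc/inetd.conf` and `netstat -lp --inet | classify_listeners`.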