Re: All these open ports
On Fri, Aug 13, 2004 at 09:56:17PM -0400, Tong wrote:
> Hi,
>
> I've just noticed that my Debian testing opens many ports by default:
Uninstall the respective services. Or, use a firewalling system
(dedicated firewall, iptables, etc...)
To find out what service uses what port:
stefan:~$ sudo lsof -i tcp:www # substitute your port name/number
Password:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache 221 root 16u IPv4 173 TCP *:www (LISTEN)
apache 629 root 16u IPv4 173 TCP *:www (LISTEN)
apache 630 root 16u IPv4 173 TCP *:www (LISTEN)
apache 631 root 16u IPv4 173 TCP *:www (LISTEN)
apache 632 root 16u IPv4 173 TCP *:www (LISTEN)
apache 633 root 16u IPv4 173 TCP *:www (LISTEN)
> How can I close them?
Buy a firewall or set up iptables.
I'm sure you want to be able to print/see graphics/ssh in.
Note that some services have options to use UNIX-domain sockets
exclusively, such as the X-server (look for -nolisten tcp, etc).
You probably don't use all of these:
Webserver? If no, no apache.
Dict Server? Disable. The client uses dict.org, not localhost.
XServer? If you don't use the windowing system, get rid of it (note:
_not_ using it is rare, GNOME/KDE require it)
SSH?
CUPS? (network printing)
As for discard/time/daytime, you need to comment out lines in your
/etc/inetd.conf (but how can you exploit a service whose purpose is to
discard everything you throw at it?)
I share a LAN with my parent's Windoze boxes, and my LAN is already
firewalled, so I didn't worry much about this...
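
The inetd.conf step mentioned in the message above, as an added example that is not part of the original post: it comments out the discard/daytime/time entries and lists what remains enabled. The function names and the sample file are assumptions made for illustration, and the sample is constructed rather than taken from a real system.

```shell
#!/bin/sh
# Added example: helper names and the sample file are assumptions.

# make_sample FILE: write a constructed inetd.conf-format sample to FILE.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, fields: service type proto wait user program [args]
discard  stream  tcp  nowait  root    internal
discard  dgram   udp  wait    root    internal
daytime  stream  tcp  nowait  root    internal
time     stream  tcp  nowait  root    internal
#echo    stream  tcp  nowait  root    internal
ident    stream  tcp  wait    identd  /usr/sbin/identd identd
EOF
}

# inetd_enabled FILE: print "service/proto" for each active (uncommented) entry.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF { print $1 "/" $3 }' "$1"
}

# inetd_disable FILE SERVICE...: print FILE with every active line for the
# named services commented out; already-commented lines are left untouched.
inetd_disable() {
    _conf=$1; shift
    awk -v list="$*" '
        BEGIN { n = split(list, names, " "); for (i = 1; i <= n; i++) off[names[i]] = 1 }
        !/^[ \t]*#/ && ($1 in off) { print "#" $0; next }
        { print }
    ' "$_conf"
}

# Demo on the constructed sample (never touches the real /etc/inetd.conf).
demo=$(mktemp)
make_sample "$demo"
echo "enabled before:"; inetd_enabled "$demo"
inetd_disable "$demo" discard daytime time > "$demo.new"
echo "enabled after:";  inetd_enabled "$demo.new"
rm -f "$demo" "$demo.new"
```

After the same change is made to the real file, inetd has to re-read its configuration (it does so on SIGHUP), and the lsof -i check from the message should no longer show those ports.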