Re: All these open ports

[Stefan O'Rear <stefanor@cox.net>]

On Fri, Aug 13, 2004 at 09:56:17PM -0400, Tong wrote:
> Hi, 
> 
> I've just noticed that my debian testing open many ports by default: 

Uninstall the respective services. Or, use a firewalling system
(dedicated firewall, iptables, etc...)

To find out what service uses what port:

stefan:~$ sudo lsof -i tcp:www			# substitute your port name/number
Password:
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
apache  221 root   16u  IPv4    173       TCP *:www (LISTEN)
apache  629 root   16u  IPv4    173       TCP *:www (LISTEN)
apache  630 root   16u  IPv4    173       TCP *:www (LISTEN)
apache  631 root   16u  IPv4    173       TCP *:www (LISTEN)
apache  632 root   16u  IPv4    173       TCP *:www (LISTEN)
apache  633 root   16u  IPv4    173       TCP *:www (LISTEN)

> How can I close them? 

Buy a firewall or set up iptables.

I'm sure you want to be able to print/see graphics/ssh in.

Note that some services have options to use UNIX-domain sockets
exclusively, such as the X-server (look for -nolisten tcp, etc).

You probably don't use all of these:
  Webserver? If no, no apache.
  Dict Server? Disable. The client uses dict.org, not localhost.
  XServer? If you don't use the windowing system, get rid of it (note:
  _not_ using it is rare, GNOME/KDE require it)
  SSH?
  CUPS? (network printing)

As for discard/time/daytime, you need to comment out lines in your
/etc/inetd.conf (but how can you exploit a service whose purpose is to
discard everything you throw at it?)

I share a LAN with my parent's Windoze boxes, and my LAN is already
firewalled, so I didn't worry much about this...