Hi all
Is there a command that I can use to close out open ports? I did a netstat -a -p and got a long list of ports open (see sample below). I have disabled some of the applications from /etc/services/. But there are still applications listening on certain ports. I need to know how to close the open ports. Also, is there a file which I can use to close out the open ports and list the ports I want open? The sample below is from the netstat -a -p command. I have about 500 UDP ports open that are like the ones using the Kaffe application. I am not too sure about internet protocols. Could this mean a hack? Any help/comments will be greatly appreciated!!

# netstat -a -p
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 <myservername>.<domain>.co:4789 MUSTANG:auth TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:pop3 MUSTANG:3420 ESTABLISHED 31935/ipop3d
tcp 0 0 localhost.localdom:4788 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4787 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4786 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>:postgres MUSTANG:3417 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4785 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4784 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4783 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4782 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>:postgres MUSTANG:3413 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4781 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4780 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4779 MUSTANG:auth TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4321 host_ip_address:3297 ESTABLISHED 21418/Kaffe
tcp 0 0 <myservername>.<domain>.co:6001 <myservername>.<domain>.co:1055 ESTABLISHED 28699/Xvnc
tcp 0 0 <myservername>.<domain>.co:1055 <myservername>.<domain>.co:6001 ESTABLISHED 12156/xterm
tcp 0 0 *:pop2 *:* LISTEN 30441/xinetd
tcp 0 0 *:pop3 *:* LISTEN 30441/xinetd
tcp 0 0 *:pop3s *:* LISTEN 30441/xinetd
tcp 0 0 <myservername>.<domain>.co:6001 <myservername>.<domain>.co:1807 ESTABLISHED 28699/Xvnc
tcp 0 0 <myservername>.<domain>.co:1807 <myservername>.<domain>.co:6001 ESTABLISHED 28707/twm
tcp 0 0 *:5801 *:* LISTEN 28699/Xvnc
tcp 0 0 *:5901 *:* LISTEN 28699/Xvnc
tcp 0 0 *:6001 *:* LISTEN 28699/Xvnc
tcp 0 0 localhost.localdom:8007 *:* LISTEN 32230/java
tcp 0 0 *:www *:* LISTEN 3697/httpd
tcp 0 0 *:https *:* LISTEN 3697/httpd
tcp 0 0 <myservername>.<domain>:netbios-ssn MUSTANG:3489 ESTABLISHED 10563/smbd
tcp 0 0 *:netbios-ssn *:* LISTEN 5278/smbd
tcp 0 0 *:587 *:* LISTEN 31627/sendmail: acc
tcp 0 0 *:smtp *:* LISTEN 31627/sendmail: acc
tcp 0 0 *:4321 *:* LISTEN 21418/Kaffe
tcp 0 0 *:postgres *:* LISTEN 1147/postmaster
tcp 0 0 *:auth *:* LISTEN 443/identd
udp 0 0 <myservername>.<domain>.co:1235 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1234 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1233 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1232 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1231 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1230 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1229 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1228 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1227 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1226 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1225 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1224 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1223 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1222 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1221 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1220 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1219 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1218 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1217 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1216 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1215 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1214 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1213 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1212 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1211 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1210 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1209 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1208 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1207 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1206 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1205 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1204 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1075 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1074 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1073 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1072 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4584 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4583 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4582 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4581 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4580 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4579 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4578 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4577 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe

Helps some
Thanks Peter:
I have not removed stuff from the /etc/services/. Just set the disable = yes parameter in the services that I did not require. I am running Redhat Linux 7.0. Redhat has an xinet.d instead of inet.d. I have also commented out the services that I did not need. Still I have these open ports. I am confused as to what they are and what they are doing!! Only problem with the firewall (iptables) is that I am wary of the ports it will close out. I am not sure (and am not clear on the administration of iptables).

Check out the startup scripts in /etc/rcX.d/
where X is 1 2 3 ... Could you please post the result of a netstat -a | grep LISTEN? Then I could help you close those services by telling you where to look! If your machine is on the internet, don't forget to remove your hostname from the output before you post here. You don't want to get hacked, do you?
/Peter

my netstat -a | grep LISTEN output is as follows:
tcp 0 0 *:5801 *:* LISTEN
tcp 0 0 *:5901 *:* LISTEN
tcp 0 0 *:6001 *:* LISTEN
tcp 0 0 *:587 *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 localhost.localdom:8007 *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:postgres *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:pop2 *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp 0 0 *:pop3s *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
unix 0 [ ACC ] STREAM LISTENING 7218 /tmp/.s.PGSQL.5432
unix 0 [ ACC ] STREAM LISTENING 662 /dev/gpmctl
unix 0 [ ACC ] STREAM LISTENING 893 /tmp/.font-unix/fs7100
unix 0 [ ACC ] STREAM LISTENING 406 /dev/log
unix 0 [ ACC ] STREAM LISTENING 300584 /tmp/.X11-unix/X1

Eek!
Just at a glance, I can see that you're running VNC (with the java viewer enabled), X, sendmail, Apache, Postgres, Samba, Pop2 (?!), Pop3, Secure Pop3, and Auth. I'm sure you could look up the other port numbers to see what's going on... Do you mean to be running all of these services, or is this just a home machine that only you want to be using? This may be normal if you're running a server, and want all of these to be active, but if this is your home machine, you may have a problem.
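
One way to turn the `netstat -a -p` output discussed in this thread into a list of listening services and a per-process socket count (an added example, not part of the original thread). The sample input is constructed, and the helper names `listeners` and `socket_counts` are hypothetical.

```sh
#!/bin/sh
# Constructed sample in `netstat -a -p` layout; host names are placeholders.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:5901 *:* LISTEN 28699/Xvnc
tcp 0 0 *:pop3 *:* LISTEN 30441/xinetd
tcp 0 0 localhost.localdom:8007 *:* LISTEN 32230/java
tcp 0 0 *:smtp *:* LISTEN 31627/sendmail: acc
tcp 0 0 host.example:4789 peer.example:auth TIME_WAIT -
udp 0 0 host.example:1235 ns1.example:domain ESTABLISHED 21418/Kaffe
udp 0 0 host.example:1234 ns2.example:domain ESTABLISHED 21418/Kaffe
EOF
}

# listeners (hypothetical helper): "port scope pid program" per listening TCP socket.
listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
    n = split($4, a, ":"); port = a[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (addr == "*" || addr == "0.0.0.0") scope = "any"
    else if (addr ~ /^(localhost|127\.)/) scope = "loopback"
    else scope = addr
    split($7, p, "/")                 # PID/Program, or "-" when not shown
    prog = p[2]; sub(/:$/, "", prog)  # "sendmail:" -> "sendmail"
    if (prog == "") prog = "?"
    print port, scope, p[1], prog
  }'
}

# socket_counts (hypothetical helper): sockets per protocol and owner, busiest first.
socket_counts() {
  awk '$1 ~ /^(tcp|udp)/ {
    owner = "-"
    for (i = 5; i <= NF; i++) if ($i ~ /^[0-9]+\//) owner = $i
    sub(/:$/, "", owner)
    count[$1 " " owner]++
  }
  END { for (k in count) print count[k], k }' | sort -rn
}

# On a live host, run as root so every PID is shown: netstat -a -p | listeners
sample_netstat | listeners
sample_netstat | socket_counts
```

Sockets with scope `any` accept connections on every interface; the owning PID and program name show which daemon or xinetd entry has to be stopped or disabled to close that port.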