UNIX for Advanced & Expert Users: Are ports above 1024 closed by default?
Post 302253187 by nobo on Friday 31st of October 2008 06:25:37 AM
Nothing is blocked by default.

To see what processes are listening on what ports, use netstat, e.g. for a telephony server @ my shop:

Code:
[root@server ~]# netstat -tlnp | head -5
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      PID/Program name
tcp        0      0 0.0.0.0:199                 0.0.0.0:*                   LISTEN      30962/snmpd
tcp        0      0 0.0.0.0:8009                0.0.0.0:*                   LISTEN      6051/java
tcp        0      0 0.0.0.0:4201                0.0.0.0:*                   LISTEN      6051/java
[root@server ~]# netstat -ulnp | head -5
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      PID/Program name
udp        0      0 0.0.0.0:19342               0.0.0.0:*      6123/asterisk
udp        0      0 0.0.0.0:19343               0.0.0.0:*      6123/asterisk
udp        0      0 0.0.0.0:161                 0.0.0.0:*      30962/snmpd
[root@server ~]#

As you can see, this is listening on ports over 1024. There are many other things to notice. 'man netstat' for more options.

This is much more important than your firewall. Turn off all but unnecessary services. For instance, I betcha that "cupsd" is running. You don't want that unless the box in question is a printserver, listening on the IP associated w/the configured interface.

As to your firewall, you're going about the whole thing the wrong way. You want to DROP packets by default, then add your allow rules. To this end, this is typically found at the beginning of a firewall script / config file:

Code:
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]

BTW, "DROP" is pref'd over "REJECT". REJECT returns a "nobody home". DROP drops the packets silently. Suggest you man iptables. Google the "Unreliable Guides" by the module's author. Also, there are many sample firewalls out there.

regards
nobo
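The inventory step the post describes (see what is listening, decide what a DROP-by-default policy should allow), as an added shell example that is not from the original post. The netstat lines are constructed sample input in the layout `netstat -lnp` prints; `listeners_report` and `allow_rules` are names chosen here, and the loopback and ESTABLISHED,RELATED rules are the usual additions a default-DROP INPUT chain needs beyond the policy lines the post quotes.

```shell
#!/bin/sh
# Added example, not from the original post: list the sockets netstat reports
# as listening, mark which are reachable from every interface, then emit a
# default-DROP iptables-restore ruleset that opens only the ports you choose.
# SAMPLE_NETSTAT is constructed input in the layout `netstat -lnp` prints;
# the PIDs and ports are made up for the example.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      955/cupsd
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      6051/java
tcp6       0      0 :::4201                 :::*                    LISTEN      6051/java
udp        0      0 0.0.0.0:161             0.0.0.0:*                           30962/snmpd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           701/named'

# Reads netstat -lnp output on stdin; prints "proto port scope program".
# scope is "all" for a wildcard bind (0.0.0.0 or ::), "local" otherwise.
listeners_report() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = (addr == "0.0.0.0" || addr == "::") ? "all" : "local"
        prog = $NF; sub(/^[0-9]+\//, "", prog)      # drop the "PID/" prefix
        printf "%s %s %s %s\n", substr($1, 1, 3), port, scope, prog
    }'
}

# Emits a ruleset for iptables-restore with the DROP-by-default policy the
# post shows, opening only the proto:port pairs given as arguments. The
# loopback and ESTABLISHED,RELATED rules are the usual additions a
# default-DROP INPUT chain needs so that local and reply traffic still work.
allow_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        printf '%s\n' "-A INPUT -p ${spec%%:*} --dport ${spec#*:} -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Only wildcard-bound sockets are what a host firewall must decide about.
printf '%s\n' "$SAMPLE_NETSTAT" | listeners_report | awk '$3 == "all"'
allow_rules tcp:22 udp:161
```

On a real box, replace the sample with `netstat -lnp | listeners_report` (run as root so `-p` can show the program) and feed `allow_rules` to `iptables-restore` only after checking the output.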
SNMPNETSTAT(1)                        Net-SNMP                        SNMPNETSTAT(1)

NAME
    snmpnetstat - display networking status and configuration information from a network entity via SNMP

SYNOPSIS
    snmpnetstat [common options] [-Ca] [-Cn] AGENT
    snmpnetstat [common options] [-Ci] [-Co] [-Cr] [-Cn] [-Cs] AGENT
    snmpnetstat [common options] [-Ci] [-Cn] [-CI interface] AGENT [interval]
    snmpnetstat [common options] [-Ca] [-Cn] [-Cs] [-Cp protocol] AGENT

DESCRIPTION
    The snmpnetstat command symbolically displays the values of various network-related information retrieved from a remote system using the SNMP protocol. There are a number of output formats, depending on the options for the information presented. The first form of the command displays a list of active sockets. The second form presents the values of other network-related information according to the option selected. Using the third form, with an interval specified, snmpnetstat will continuously display the information regarding packet traffic on the configured network interfaces. The fourth form displays statistics about the named protocol.

    snmpnetstat will issue GETBULK requests to query for information if at least protocol version v2 is used.

    AGENT identifies a target SNMP agent, which is instrumented to monitor the given objects. At its simplest, the AGENT specification will consist of a hostname or an IPv4 address. In this situation, the command will attempt communication with the agent, using UDP/IPv4 to port 161 of the given target host. See snmpcmd(1) for a full list of the possible formats for AGENT.

OPTIONS
    The options have the following meaning:

    common options
        Please see snmpcmd(1) for a list of possible values for common options as well as their descriptions.

    -Ca
        With the default display, show the state of all sockets; normally sockets used by server processes are not shown.

    -Ci
        Show the state of all of the network interfaces. The interface display provides a table of cumulative statistics regarding packets transferred, errors, and collisions. The network addresses of the interface and the maximum transmission unit ("mtu") are also displayed.

    -Co
        Show an abbreviated interface status, giving octets in place of packets. This is useful when enquiring virtual interfaces (such as Frame-Relay circuits) on a router.

    -CI interface
        Show information only about this interface; used with an interval as described below.

    -Cn
        Show network addresses as numbers (normally snmpnetstat interprets addresses and attempts to display them symbolically). This option may be used with any of the display formats.

    -Cp protocol
        Show statistics about protocol, which is either a well-known name for a protocol or an alias for it. Some protocol names and aliases are listed in the file /etc/protocols. A null response typically means that there are no interesting numbers to report. The program will complain if protocol is unknown or if there is no statistics routine for it.

    -Cs
        Show per-protocol statistics. When used with the -Cr option, show routing statistics instead.

    -Cr
        Show the routing tables. When -Cs is also present, show per-protocol routing statistics instead of the routing tables.

    -CR repeaters
        For GETBULK requests, repeaters specifies the max-repeaters value to use.

    When snmpnetstat is invoked with an interval argument, it displays a running count of statistics related to network interfaces. interval is the number of seconds between reporting of statistics.

    The Active Sockets Display (default)
        The default display, for active sockets, shows the local and remote addresses, protocol, and the internal state of the protocol. Address formats are of the form "host.port" or "network.port" if a socket's address specifies a network but no specific host address. When known, the host and network addresses are displayed symbolically according to the data bases /etc/hosts and /etc/networks, respectively. If a symbolic name for an address is unknown, or if the -Cn option is specified, the address is printed numerically, according to the address family. For more information regarding the Internet "dot format," refer to inet(3N). Unspecified, or "wildcard", addresses and ports appear as "*".

    The Interface Display
        The interface display provides a table of cumulative statistics regarding packets transferred, errors, and collisions. The network addresses of the interface and the maximum transmission unit ("mtu") are also displayed.

    The Routing Table Display
        The routing table display indicates the available routes and their status. Each route consists of a destination host or network and a gateway to use in forwarding packets. The flags field shows the state of the route ("U" if "up"), whether the route is to a gateway ("G"), whether the route was created dynamically by a redirect ("D"), and whether the route has been modified by a redirect ("M"). Direct routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface. The interface entry indicates the network interface utilized for the route.

    The Interface Display with an Interval
        When snmpnetstat is invoked with an interval argument, it displays a running count of statistics related to network interfaces. This display consists of a column for the primary interface and a column summarizing information for all interfaces. The primary interface may be replaced with another interface with the -CI option. The first line of each screen of information contains a summary since the system was last rebooted. Subsequent lines of output show values accumulated over the preceding interval.

    The Active Sockets Display for a Single Protocol
        When a protocol is specified with the -Cp option, the information displayed is similar to that in the default display for active sockets, except the display is limited to the given protocol.

EXAMPLES
    Example of using snmpnetstat to display active sockets (default):

    % snmpnetstat -v 2c -c public -Ca testhost
    Active Internet (tcp) Connections (including servers)
    Proto Local Address        Foreign Address      (state)
    tcp   *.echo               *.*                  LISTEN
    tcp   *.discard            *.*                  LISTEN
    tcp   *.daytime            *.*                  LISTEN
    tcp   *.chargen            *.*                  LISTEN
    tcp   *.ftp                *.*                  LISTEN
    tcp   *.telnet             *.*                  LISTEN
    tcp   *.smtp               *.*                  LISTEN
    ...
    Active Internet (udp) Connections
    Proto Local Address
    udp   *.echo
    udp   *.discard
    udp   *.daytime
    udp   *.chargen
    udp   *.time
    ...

    % snmpnetstat -v 2c -c public -Ci testhost
    Name  Mtu   Network    Address    Ipkts      Ierrs   Opkts    Oerrs  Queue
    eri0  1500  10.6.9/24  testhost   170548881  245601  687976   0      0
    lo0   8232  127        localhost  7530982    0       7530982  0      0

    Example of using snmpnetstat to show statistics about a specific protocol:

    % snmpnetstat -v 2c -c public -Cp tcp testhost
    Active Internet (tcp) Connections
    Proto Local Address        Foreign Address      (state)
    tcp   *.echo               *.*                  LISTEN
    tcp   *.discard            *.*                  LISTEN
    tcp   *.daytime            *.*                  LISTEN
    tcp   *.chargen            *.*                  LISTEN
    tcp   *.ftp                *.*                  LISTEN
    tcp   *.telnet             *.*                  LISTEN
    tcp   *.smtp               *.*                  LISTEN
    ...

SEE ALSO
    snmpcmd(1), iostat(1), vmstat(1), hosts(5), networks(5), protocols(5), services(5).

BUGS
    The notion of errors is ill-defined.

V5.6                                 20 Jan 2010                      SNMPNETSTAT(1)