closing open ports Post: 7557

Sponsored Content

Special Forums Cybersecurity closing open ports Post 7557 by loadc on Thursday 27th of September 2001 06:12:43 PM

09-27-2001

Registered User

One last thing----

Just one last little bit, your inetd.conf file is a better reference for what is running on the box, under inetd,(not to mention the use of lsof and looking at /etc/services) than an nmap scan. nmap is guessing at what is running on what port from a list of what is assumed to be a known service on those ports, usually anything above port 1024 (and sometimes, below it) is arbitrarily set to serve from that port. BackOrifice and NetBus could be config'd to run from other ports, so can netcat and other such tools. Your best bet is stripping down to only what you need, and keeping a sharp eye out for any new servers being put out there. You can use lsof to get an idea (okay, see what's happening) of exactly what proc is using which port so you can see who is serving what out of your box.
The nmap scans are excellent for finding servers that are nto running under inetd's auspices. Sounds like you're going in the right direction....

Later,

loadc

loadc

View Public Profile for loadc

Find all posts by loadc

9 More Discussions You Might Find Interesting

1. Cybersecurity

firewall vs. closing ports

This may be kind of a stupid question, but here goes: Say I'm running a FreeBSD webserver (w/apache). I've managed to close ALL open ports (including SSH/telnet and portmapper), excepting '80' that apache is listening on. A netstat -a shows me nothing open. Discounting DoS/DDoS or holes in...

2. IP Networking

Closing out ports???

Hi all Is there a command that I can use to close out open ports? I did a netstat - a -p and got a long list of ports open (see sample below). I have disabled the some of the applications from /etc/services/. But there are still applications listening on certain ports. I need to know how to...

3. Shell Programming and Scripting

Check open ports every ...

Hello, i need a script (bash type maybe?..), which would check open ports on 127.0.0.1 and then compare open ports with "registered/allowed" port list and try to kill the program who uses unregistered ports. It would be great that script would be started lets say every 5 or 10 minutes. You see i...

4. Solaris

open ports solaris 8

Hello, I have a number of Solaris 8 Sun servers that have open ports that I cannot identify. I see some with 1013-1023 (which are reserved ports according to the IANA. Lsof does not identify these. I rebooted the server and they went off, but this morning I saw they were all back on again. Any...

5. Solaris

Open ports in solaris 10

hi guys, may i know the exact steps to open a port in solaris.i have some rough idea - which is adding the port number in /etc/services. but i am not sure the correct conventions, steps or any other steps. kindly advise.thanks guys !

6. Shell Programming and Scripting

closing unwanted open ports using scripts

i have a text file i.e file1.txt which shows open ports on particular system. i have another text file i.e file2.txt which shows a list of allowed ports on a system. for eg: file2.txt 22/tcp ssh 23/tcp telnet. can i have a script which would compare these text files ,file1 and file2 ...

7. UNIX for Dummies Questions & Answers

open ports and services

just a quick question: a. whats the simplest command to check open port and the corresponding services? example: bash-2.05# netstat -an | grep LISTEN *.199 *.* 0 0 49152 0 LISTEN *.8989 *.* 0 0 49152 ...

8. IP Networking

Open/close of ports

Hi, I have read some forum theads about the open and close ports. some points are clear and it is not working on my machine or something am i missing? I have commented out a port /etc/services, one application uses then when i use the telnet <hostname> <port_blocked> it shows connected.....

9. Shell Programming and Scripting

Closing open file descriptors from /proc/pid/fd

Hi guys, i need to write a shell script that will close file descriptors from /proc/pid/fd will calling exec 4<&- solve the problem ? thanks in advance :)

LEARN ABOUT DEBIAN

micro_proxy

micro_proxy(8)						      System Manager's Manual						    micro_proxy(8)

NAME

       micro_proxy - really small HTTP/HTTPS proxy

SYNOPSIS

       micro_proxy

DESCRIPTION

       micro_proxy  is	a  very small HTTP/HTTPS proxy.  It runs from inetd, which means its performance is poor.  But for low-traffic sites, it's
       quite adequate.	It implements all the basic features of an HTTP/HTTPS proxy, in only 260 lines of code.

       To install it, add a line like this to /etc/inetd.conf:
	   webproxy  stream tcp nowait nobody  /usr/sbin/micro_proxy micro_proxy
       Make sure the path to the executable is correct.  Then add a line like this to /etc/services:
	   webproxy   port/tcp
       Change "port" to the port number you want to use - 3128, or whatever.  Then restart inetd by sending it a "HUP" signal, or rebooting.

       On some systems, inetd has a maximum spawn rate - if you try to run inetd services faster than a certain number of  times  per  minute,	it
       assumed	there's  either  a  bug of an attack going on and it shuts down for a few minutes.  If you run into this problem - look for syslog
       messages about too-rapid looping - you'll need to find out how to increase the limit.  Unfortunately this varies from OS to OS.	 On  Free-
       BSD,  you  add  a  "-R 10000" flag to inetd's initial command line.  On some Linux systems, you can set the limit on a per-service basis in
       inetd.conf, by changing "nowait" to "nowait.10000".

AUTHOR

       Copyright (C) 1999 by Jef Poskanzer <jef@mail.acme.com>. All rights reserved.

								   16 March 1999						    micro_proxy(8)