

Closing out ports???


 
# 1  
Old 09-19-2002

Hi all
Is there a command that I can use to close out open ports?
I did a netstat -a -p and got a long list of open ports (see sample below). I have disabled some of the applications from /etc/services/. But there are still applications listening on certain ports.
I need to know how to close the open ports. Also, is there a file which I can use to close out the open ports and list the ports I want open?
The sample below is from the netstat -a -p command. I have about 500 UDP ports open that are like the ones using the Kaffe application. I am not too sure about internet protocols. Could this mean a hack?

Any help/comments will be greatly appreciated!!

# netstat -a -p
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 <myservername>.<domain>.co:4789 MUSTANG:auth TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:pop3 MUSTANG:3420 ESTABLISHED 31935/ipop3d
tcp 0 0 localhost.localdom:4788 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4787 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4786 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>:postgres MUSTANG:3417 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4785 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4784 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4783 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4782 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>:postgres MUSTANG:3413 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4781 MUSTANG:auth TIME_WAIT -
tcp 0 0 localhost.localdom:4780 localhost.localdom:8007 TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4779 MUSTANG:auth TIME_WAIT -
tcp 0 0 <myservername>.<domain>.co:4321 host_ip_address:3297 ESTABLISHED 21418/Kaffe
tcp 0 0 <myservername>.<domain>.co:6001 <myservername>.<domain>.co:1055 ESTABLISHED 28699/Xvnc
tcp 0 0 <myservername>.<domain>.co:1055 <myservername>.<domain>.co:6001 ESTABLISHED 12156/xterm
tcp 0 0 *:pop2 *:* LISTEN 30441/xinetd
tcp 0 0 *:pop3 *:* LISTEN 30441/xinetd
tcp 0 0 *:pop3s *:* LISTEN 30441/xinetd
tcp 0 0 <myservername>.<domain>.co:6001 <myservername>.<domain>.co:1807 ESTABLISHED 28699/Xvnc
tcp 0 0 <myservername>.<domain>.co:1807 <myservername>.<domain>.co:6001 ESTABLISHED 28707/twm
tcp 0 0 *:5801 *:* LISTEN 28699/Xvnc
tcp 0 0 *:5901 *:* LISTEN 28699/Xvnc
tcp 0 0 *:6001 *:* LISTEN 28699/Xvnc
tcp 0 0 localhost.localdom:8007 *:* LISTEN 32230/java
tcp 0 0 *:www *:* LISTEN 3697/httpd
tcp 0 0 *:https *:* LISTEN 3697/httpd
tcp 0 0 <myservername>.<domain>:netbios-ssn MUSTANG:3489 ESTABLISHED 10563/smbd
tcp 0 0 *:netbios-ssn *:* LISTEN 5278/smbd
tcp 0 0 *:587 *:* LISTEN 31627/sendmail: acc
tcp 0 0 *:smtp *:* LISTEN 31627/sendmail: acc
tcp 0 0 *:4321 *:* LISTEN 21418/Kaffe
tcp 0 0 *:postgres *:* LISTEN 1147/postmaster
tcp 0 0 *:auth *:* LISTEN 443/identd
udp 0 0 <myservername>.<domain>.co:1235 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1234 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1233 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1232 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1231 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1230 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1229 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1228 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1227 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1226 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1225 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1224 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1223 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1222 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1221 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1220 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1219 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1218 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1217 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1216 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1215 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1214 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1213 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1212 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1211 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1210 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1209 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1208 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1207 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1206 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1205 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1204 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1075 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1074 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1073 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:1072 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4584 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4583 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4582 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4581 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4580 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4579 wdc-ns3.nas-inte:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4578 camel.nas-inter.:domain ESTABLISHED 21418/Kaffe
udp 0 0 <myservername>.<domain>.co:4577 <myservername>.<domain>.:domain ESTABLISHED 21418/Kaffe
# 2  
Old 09-19-2002
Hi..

First of all.. Don't remove stuff from /etc/services.. that's not the
way to go!!!! If you have a backup of the original services file
I suggest you replace the one you modified with the original.. or simply copy it from
another box running the same OS and version...

Please tell me what OS you are running! That really helps..
To check for open ports try: netstat -a |grep LISTEN (should work
on most unixes)

You should check the /etc/inetd.conf
for services and comment them out.. example:

pop3 stream tcp nowait root /usr/sbin/popa3d popa3d

line in /etc/inetd.conf will enable POP3 mail services..
just comment it out to disable it with a
# sign in front like this!

#pop3 stream tcp nowait root /usr/sbin/popa3d popa3d

then find out the pid of inetd and run kill -HUP <PID_OF_INETD_HERE> or simply reboot the server...

You should also check your startup files for services (depends on OS and init type where to find them.. please tell me what OS you are running. This could be done with the command: uname -a)

You could also check out if there is a free firewall available for your unix/linux if you want more control of what to let in and out of a server.

Hope this helps some..

/Peter C
# 3  
Old 09-19-2002
Helps some

Thanks Peter:
I have not removed stuff from the /etc/services/. Just set the disable = yes parameter in the services that I did not require.
I am running Redhat Linux 7.0. Redhat has an xinet.d instead of inet.d. I have also commented out the services that I did not need. Still I have these open ports. I am confused as to what they are and what they are doing!!

Only problem with the firewall (iptables) is that I am wary of the ports it will close out. I am not sure (and am not clear on the administration of iptables).
# 4  
Old 09-19-2002
/etc/services does not have a "disable = yes" parameter. /etc/xinetd.conf and /etc/xinet.d/* files do.

Use those.
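
An added example, not part of the original posts: a shell function that lists which services in an xinetd service directory are still enabled, counting a service block with no "disable" line as enabled. The sample files are constructed for the demonstration, and the server paths inside them are assumptions.

```shell
#!/bin/sh
# Print the name of every xinetd service in directory $1 that is still enabled.
xinetd_enabled() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                  # skip comment lines
            { gsub(/=/, " = ") }                 # tolerate "disable=yes"
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" { off = (tolower($3) == "yes") }
            $1 == "}" { if (name != "" && !off) print name; name = "" }
        ' "$f"
    done
}

# Constructed sample: pop3 is disabled, pop2 has no "disable" line at all.
demo_xinetd() {
    d=$(mktemp -d)
    printf 'service pop3\n{\n\tsocket_type = stream\n\tserver = /usr/sbin/ipop3d\n\tdisable = yes\n}\n' > "$d/ipop3"
    printf 'service pop2\n{\n\tsocket_type = stream\n\tserver = /usr/sbin/ipop2d\n}\n' > "$d/ipop2"
    xinetd_enabled "$d"
    rm -rf "$d"
}

demo_xinetd
```

After changing a service file, xinetd has to re-read its configuration or be restarted before the listener goes away.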
# 5  
Old 09-21-2002
Check out the startup scripts in /etc/rcX.d/
where X is 1 2 3 ...

Could you please post the result of a netstat -a |grep LISTEN
then I could help you close those services by telling you
where to look! If your machine is on the internet
don't forget to remove your hostname from the output before you post here.. You don't want to get hacked, do you?


/Peter
# 6  
Old 10-08-2002
my netstat -a | grep LISTEN output is as follows:
tcp 0 0 *:5801 *:* LISTEN
tcp 0 0 *:5901 *:* LISTEN
tcp 0 0 *:6001 *:* LISTEN
tcp 0 0 *:587 *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 localhost.localdom:8007 *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:postgres *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:pop2 *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp 0 0 *:pop3s *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
unix 0 [ ACC ] STREAM LISTENING 7218 /tmp/.s.PGSQL.5432
unix 0 [ ACC ] STREAM LISTENING 662 /dev/gpmctl
unix 0 [ ACC ] STREAM LISTENING 893 /tmp/.font-unix/fs7100
unix 0 [ ACC ] STREAM LISTENING 406 /dev/log
unix 0 [ ACC ] STREAM LISTENING 300584 /tmp/.X11-unix/X1
# 7  
Old 10-08-2002
Eek!
Just at a glance, I can see that you're running VNC (with the java viewer enabled), X, sendmail, Apache, Postgres, Samba, Pop2 (?!), Pop3, Secure Pop3, and Auth.

I'm sure you could look up the other port numbers to see what's going on...

Do you mean to be running all of these services, or is this just a home machine that only you want to be using?
This may be normal if you're running a server, and want all of these to be active, but if this is your home machine, you may have a problem.
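
An added example, not part of the original posts: a shell filter that reads `netstat -a -p` output and, for each TCP listener, reports the port, whether it is reachable from the network or bound to localhost only, the owning program, and whether it is started by xinetd or runs standalone. The sample lines are taken from the output posted in this thread, with the hostname replaced by the placeholder "myhost".

```shell
#!/bin/sh
# Read `netstat -a -p` output on stdin; print one tab-separated line per
# TCP listener: port, scope, program, how it is started.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            scope = (addr ~ /^(localhost|127\.|::1$)/) ? "local-only" : "network"
            split($7, p, "/")                    # "PID/program"
            prog = (p[2] == "" ? "unknown" : p[2])
            sub(/:$/, "", prog)                  # "sendmail:" -> "sendmail"
            how = (prog ~ /^x?inetd$/) ? "xinetd" : "standalone"
            printf "%s\t%s\t%s\t%s\n", port, scope, prog, how
        }'
}

# Sample input: lines from the thread (hostname replaced with a placeholder).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 *:pop3 *:* LISTEN 30441/xinetd
tcp 0 0 *:5901 *:* LISTEN 28699/Xvnc
tcp 0 0 localhost.localdom:8007 *:* LISTEN 32230/java
tcp 0 0 *:smtp *:* LISTEN 31627/sendmail: acc
tcp 0 0 myhost:1055 myhost:6001 ESTABLISHED 12156/xterm
EOF
}

sample_netstat | classify_listeners
```

Listeners marked "xinetd" are turned off in the xinetd service files; "standalone" ones stay open until the program itself is stopped and kept from starting again.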
