Just needed to know if all the ports above 1024 are closed by default. I know that below 1024 the ports are reserved for the kernel and ports above 1024 are reserved for user applications.
But by default, if I do not have a rule in my firewall to block ports above 1024, Will my system accept incoming or outgoing traffic?. (I think outgoing YES).
To see what processes are listening on what ports, use netstat, eg for a telephony server @ my shop:
Code:
[root@server ~]# netstat -tlnp | head -5
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:199 0.0.0.0:* LISTEN 30962/snmpd
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 6051/java
tcp 0 0 0.0.0.0:4201 0.0.0.0:* LISTEN 6051/java
[root@server ~]# netstat -ulnp | head -5
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:19342 0.0.0.0:* 6123/asterisk
udp 0 0 0.0.0.0:19343 0.0.0.0:* 6123/asterisk
udp 0 0 0.0.0.0:161 0.0.0.0:* 30962/snmpd
[root@server ~]#
As you can see, this is listening on ports over 1024. There are many other things to notice. 'man netstat' for more options.
This is much more important than your firewall. Turn off all but unneccessary services. For instance, I betcha that "cupsd" is running. You don't want that unless the box in question is a printserver, listening on the IP associated w/the configured interface.
As to your firewall, you're going about the whole thing the wrong way. You want to DROP packets by default, then add your allow rules. To this end, this is typically found at the beginning of a firewall script / config file:
Code:
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
BTW, "DROP" is pref'd over "REJECT". REJECT returns a "nobody home". DROP drops the packets silently. Suggest you man iptables. Google the "Unreliable Guides" by the module's author. Also, there are many sample firewalls out there.
Hey guys, I'm having trouble with checking what ports are open on my Debian distro, which is reporting all ports closed, though they are clearly open
I am checking to see if ports are open with netcat:
nc 127.0.0.1 80
localhost 80 (http) : Connection refusedAs an example but on all ports... (0 Replies)
Dear all,
I have a Solaris 10 system with a bunch of zones on it. My issue is the following:
- I have application A and B running in the same zone: i.e. they communicate via loopback interface. Application A tries to connect to application B, usually listening on port X. If application B... (6 Replies)
Hi i have a txt file in which i do a awk operation with ":" as field separator
A
B
C
D
ABC::2386.13:2386.13:3248234281995::+DPY:INT:3:N::::2:200.00:0.00:2010-05-12:CA:
::2:N::N:PH:00010031:0001+DPY:BAL:3:N::::3:1601.01:0.00:2010-05-12:XT::2:N:MR ... (1 Reply)
Hi All,
How do I know if ssh_host_rsa_key is 1024 bit?
cat /etc/ssh/ssh_host_rsa_key | wc -m
887
It's only 887. Is that it? Or not?
Thank you for any comment you may add. (2 Replies)
Hi Everyone,
Good day.
Scenario:
2 unix servers -- A (SunOS) and B (AIX)
I have an ftp script to sftp 30 files from A to B which happen almost instantaneously i.e 30 sftp's happen at the same time.
Some of these sftp's fail with the following error:
ssh_exchange_identification: Connection... (1 Reply)
I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
