ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Sat Feb 22, 2003 5:27 pm
No, you don't. For a web server, the only ports you need externally accessible are those you are using (80, 443 maybe).
The same for FTP.
mallinanga Just Arrived
Joined: 19 Feb 2003 Posts: 0 Location: Nbg(DE) | Athens(GR)
Posted: Sat Feb 22, 2003 5:31 pm
hmmm...
thanks 4 answering!!!
any suggestion how i should close those ports???
i have a firewall but i do not want these ports open on my lan either
(sorry for my english)
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
Posted: Sat Feb 22, 2003 5:38 pm
Unless you're concerned about an attack from the inside of your network, I'd verify your firewall is working properly from the net to you, i.e. what someone out on the net would see if they looked at your net.
You do have a firewall, right? If not, get one; any type is better than none. Then if you have any questions on setup after reading the setup files, post them here in the firewall section.
mallinanga Just Arrived
Joined: 19 Feb 2003 Posts: 0 Location: Nbg(DE) | Athens(GR)
Posted: Sat Feb 22, 2003 5:41 pm
yeap!
i have a firewall...and it's well configured (at least i hope so)
but i want to close these ports exactly from internal attacks...
can i stop these services from inetd.conf or rc.inet1/inet2 or rc.M or something?
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
Posted: Sat Feb 22, 2003 6:54 pm
Where is your firewall? If it's on the same machine you may already have the protection you need. Therefore the open ports don't mean much.
Also, have you done ps -ax to see the processes you're running as su -? Anything running that you don't want?
mallinanga Just Arrived
Joined: 19 Feb 2003 Posts: 0 Location: Nbg(DE) | Athens(GR)
Posted: Sat Feb 22, 2003 7:23 pm
no, the firewall is on a different machine...
and i did a ps -aux and saw that the rpc process is running but do i have to kill this every time i boot???...can't i disable this proc once and for all?
except that, i cannot find which proc is associated with port 518
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
Posted: Sat Feb 22, 2003 7:32 pm
The following uses port 518:
ntalk 518/tcp
ntalk 518/udp
Also, you mentioned the firewall was not on your machine. If so, consider putting one on. Then you have more than one way of controlling what's going on in your machine.
On your comment about a startup file for spawning processes: yes, but the name eludes me at the moment. Sorry. It's very simple, I just can't remember. Senior moment/day.
Could someone help him on the name and path of the file(s) for? If you don't have the path just do a "find -name filename" from the root.
mallinanga Just Arrived
Joined: 19 Feb 2003 Posts: 0 Location: Nbg(DE) | Athens(GR)
Posted: Sat Feb 22, 2003 7:46 pm
DONE!!!!!!!
it was in front of my eyes all the time but i couldn't see it!!!
the rpc.portmapper service is started from the etc/rc.d/rc.inet2
(i've commented those lines)
the nfs service is also there
(commented that too)
as for the ntalk ------> /etc/inetd.conf
(commented this line and u r ready2go!!!)
i hope that i won't have probs with my servers by disabling those features/services...
thank you all!!!
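An added example, not part of any post in this thread: a shell function that lists which services are still active in an inetd.conf-style file and resolves each one to its port through a services-style file, so a commented-out entry such as ntalk can be confirmed as disabled. The function names and both sample files are constructed for illustration, and it only covers services spawned by inetd, not those started from rc.inet2.

```shell
#!/bin/sh
# inetd_enabled <inetd.conf> <services>
# Prints "service port/proto server" for every line still active in inetd.conf.
inetd_enabled() {
    awk '
        # First file: services(5) map, "name port/proto [aliases...]"
        NR == FNR {
            sub(/#.*/, "")                      # drop trailing comments
            if (NF < 2) next
            proto = substr($2, index($2, "/") + 1)
            port[$1 "/" proto] = $2
            for (i = 3; i <= NF; i++) port[$i "/" proto] = $2
            next
        }
        # Second file: inetd.conf. A leading "#" means the service is disabled.
        /^[ \t]*#/ || NF < 6 { next }
        {
            key = $1 "/" $3                     # service name + protocol
            printf "%s %s %s\n", $1, ((key in port) ? port[key] : "unknown/" $3), $6
        }
    ' "$2" "$1"
}

# Constructed sample files (not taken from the machines in this thread).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/services" <<'EOF'
ftp     21/tcp
auth    113/tcp   ident tap    # Authentication Service
ntalk   518/udp
EOF
    cat > "$d/inetd.conf" <<'EOF'
ftp    stream tcp nowait root /usr/sbin/tcpd      proftpd
#ntalk dgram  udp wait   root /usr/sbin/tcpd      in.ntalkd
auth   stream tcp wait   root /usr/sbin/in.identd in.identd
EOF
    inetd_enabled "$d/inetd.conf" "$d/services"
    rm -rf "$d"
}

demo
```

On a real host the arguments would be /etc/inetd.conf and /etc/services, and inetd has to re-read its configuration before an edit takes effect.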
mallinanga Just Arrived
Joined: 19 Feb 2003 Posts: 0 Location: Nbg(DE) | Athens(GR)
Posted: Sat Feb 22, 2003 8:05 pm
excuse me if i become a bit boring but is the identd (port 113) needed as well to have a http/ftp/samba/ssh server?????
at this point i won't be dissatisfied if u don't answer me cause i know i've become annoying!
thnx in advance!
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
Posted: Sat Feb 22, 2003 8:26 pm
Port 113 has a couple of things:
ident 113/tcp
auth 113/tcp Authentication Service
auth 113/udp Authentication Service
EREALZ Just Arrived
Joined: 25 Jan 2003 Posts: 0 Location: nyc
Posted: Sat Feb 22, 2003 8:33 pm Post subject: same here with 111
I'm running Slackware and my port 111 seems to be open. I've shut it down but according to nmap it's still open, so it's got to be in the rc.d section. Where is it exactly?
mallinanga Just Arrived
Joined: 19 Feb 2003 Posts: 0 Location: Nbg(DE) | Athens(GR)
Posted: Sat Feb 22, 2003 10:24 pm
what does that mean fastlanwan???
does that mean that i actually need some of them or that was just an info?
EREALZ Just Arrived
Joined: 25 Jan 2003 Posts: 0 Location: nyc
Posted: Sat Feb 22, 2003 11:47 pm Post subject: 111 port need to run ssh
well, I was concerned about this port so I closed it by commenting /rc.d/rc.inet2. when I rebooted I could login via ssh so I'm guessing 111 is needed for this service
please correct me if I'm mistaken
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
Posted: Sun Feb 23, 2003 1:00 am
Quote:
what does that mean fastlanwan???
ident and auth services are two that use that port. If you close the ports and, like EREALZ said, some service uses it. For EREALZ, ssh was using it. If you don't use ssh or other services that also use it, then there is no problem in closing it. If you find out later that you can't authenticate or you lose connectivity, then try opening it back up.