• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Port 111

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page Previous  1, 2
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux

View previous topic :: View next topic  
Author Message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Sat Feb 22, 2003 5:27 pm    Post subject: Reply with quote

No you don't for web server the only ports you need externally accesible are those you are using (80, 443 maybe).

The same for FTP.
Back to top
View user's profile Send private message Visit poster's website
mallinanga
Just Arrived
Just Arrived


Joined: 19 Feb 2003
Posts: 0
Location: Nbg(DE) | Athens(GR)

Offline

PostPosted: Sat Feb 22, 2003 5:31 pm    Post subject: Reply with quote

hmmm...

thanks 4 answering!!! Smile

any suggestion how should i close those ports???

i have a firewall but i do not these ports open on my lan either

(sorry for my english)
Back to top
View user's profile Send private message Visit poster's website
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Sat Feb 22, 2003 5:38 pm    Post subject: Reply with quote

Unless your concerned about a attack from the inside of your network, I'd verify your firewall is working properly from the net to you. i.e. what someone out on the net would see if they looked at your net.

You do have a firewall right? If not get one, anytype is better than none. Then if you have any questions on setup after reading the setup files post them here in the firewall section.
Back to top
View user's profile Send private message Visit poster's website
mallinanga
Just Arrived
Just Arrived


Joined: 19 Feb 2003
Posts: 0
Location: Nbg(DE) | Athens(GR)

Offline

PostPosted: Sat Feb 22, 2003 5:41 pm    Post subject: Reply with quote

yeap!

i have a firewall...and it's good configured(at least i hope so)

but i want to close these ports exactly from internal attacks...

can i stop these services from inted.conf of rc.inet1/inet2 or rc.M or sothething?
Back to top
View user's profile Send private message Visit poster's website
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Sat Feb 22, 2003 6:54 pm    Post subject: Reply with quote

Where is your firewall? If it's on the same machine you may already have the protection you need. Therefore the open ports don't mean much.

Also have you done ps -ax to see the processes your running as su -? Anything running that you don't want?
Back to top
View user's profile Send private message Visit poster's website
mallinanga
Just Arrived
Just Arrived


Joined: 19 Feb 2003
Posts: 0
Location: Nbg(DE) | Athens(GR)

Offline

PostPosted: Sat Feb 22, 2003 7:23 pm    Post subject: Reply with quote

no tha firewall is on a different machine...

and i did made a ps -aux and seen that the rpc process is running but do i have to kill this everytime i boot???...can't i disable this proc once and for all?

except that i cannot find which proc is associated with port 518
Back to top
View user's profile Send private message Visit poster's website
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Sat Feb 22, 2003 7:32 pm    Post subject: Reply with quote

The following uses port 518

ntalk 518/tcp
ntalk 518/udp

Also you mentioned the firewall was not on your machine. If so, consider putting one on. Then you have more than one way of controlling whats going on in you machine.

On your comment about a startup file for spawning processes yes, but the name eludes me at the moment. Sorry. Its very simple I just can't remember. Senior moment/day Crying or Very sad

Could someone could help him on the name and path of the file(s) for? if you don't have the path just do a "find -name filename" from the root.
Back to top
View user's profile Send private message Visit poster's website
mallinanga
Just Arrived
Just Arrived


Joined: 19 Feb 2003
Posts: 0
Location: Nbg(DE) | Athens(GR)

Offline

PostPosted: Sat Feb 22, 2003 7:46 pm    Post subject: Reply with quote

DONE!!!!!!!

it was in front of my eyes all the time but i couldn't see it!!!

the rpc.portmapper service is started from the etc/rc.d/rc.inet2
(i've commented those lines)
the nfs service is also there
(commented that too)

as for the ntalk ------> /etc/inted.conf
(commented this line and u r ready2go!!!)

i hope that i won't have probs with my servers by disabling those features/services...

thank you all!!!
Back to top
View user's profile Send private message Visit poster's website
mallinanga
Just Arrived
Just Arrived


Joined: 19 Feb 2003
Posts: 0
Location: Nbg(DE) | Athens(GR)

Offline

PostPosted: Sat Feb 22, 2003 8:05 pm    Post subject: Reply with quote

excuse me if i become a bit boring but is the identd (port 113) needed as well to have a http/ftp/samba/ssh server?????

at this point i won't be disatisfied if u don't answer me cause i know i've become annoying! Embarassed

thnx in advance! Very Happy
Back to top
View user's profile Send private message Visit poster's website
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Sat Feb 22, 2003 8:26 pm    Post subject: Reply with quote

Port 113 has a couple of things:

ident 113/tcp
auth 113/tcp Authentication Service
auth 113/udp Authentication Service
Back to top
View user's profile Send private message Visit poster's website
EREALZ
Just Arrived
Just Arrived


Joined: 25 Jan 2003
Posts: 0
Location: nyc

Offline

PostPosted: Sat Feb 22, 2003 8:33 pm    Post subject: same here with 111 Reply with quote

im runing slackware and my 111 port seem to be open iv shut it down but acording to nmap it still open so it got to be in the rc.d section wat were is it exactly
Back to top
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger
mallinanga
Just Arrived
Just Arrived


Joined: 19 Feb 2003
Posts: 0
Location: Nbg(DE) | Athens(GR)

Offline

PostPosted: Sat Feb 22, 2003 10:24 pm    Post subject: Reply with quote

what das that mean fastlanwan???

does that mean that i actually need some of them or that was just an info?
Back to top
View user's profile Send private message Visit poster's website
EREALZ
Just Arrived
Just Arrived


Joined: 25 Jan 2003
Posts: 0
Location: nyc

Offline

PostPosted: Sat Feb 22, 2003 11:47 pm    Post subject: 111 port need to run ssh Reply with quote

well i was concernd about this port so i closed it by commented /rc.d/rc.int2 when i rebooted i could login via ssh so im guessing 111 is need for this service

please correct me if im mistaken
Back to top
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Sun Feb 23, 2003 1:00 am    Post subject: Reply with quote

Quote:
what das that mean fastlanwan???


ident and auth services are two that uses that port. If you close the ports and like EREALZ said some service use it. For EREALZ, ssh was using it. If you don't use ssh or other services that also use it, then this is no problem in closing it. If you find out later that you can't authenticate or loss of cennectivity then try open it back up.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux All times are GMT + 2 Hours
Goto page Previous  1, 2
Page 2 of 2


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register