#1 2007-05-01 15:01:35

belhifet
Member
Registered: 2007-04-17
Posts: 39

close ports

I did:
$ nmap <external IP>
Starting Nmap 4.20 ( http://insecure.org ) at 2007-05-01 17:51 EEST
Interesting ports on 83.212.57.7:
Not shown: 1692 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
5190/tcp open  aol

Nmap finished: 1 IP address (1 host up) scanned in 1.123 seconds

I don't run ssh or telnet for sure.
Why does nmap report those ports to be open?

How can I close them?


#2 2007-05-01 15:06:26

Ramses de Norre
Member
From: Leuven - Belgium
Registered: 2007-03-27
Posts: 1,289

Re: close ports

Install and configure iptables, or use a GUI like firestarter or guarddog to configure them. There is more info about those programs in the wiki.


#3 2007-05-01 15:12:16

belhifet
Member
Registered: 2007-04-17
Posts: 39

Re: close ports

But how can they be open when I'm running no services that utilize them?

nmap localhost gives me only 6000 open, which is for X11.


#4 2007-05-01 15:13:33

fk
Member
From: Germany
Registered: 2006-04-29
Posts: 524

Re: close ports

belhifet wrote:

I did:
$ nmap <external IP>
Starting Nmap 4.20 ( http://insecure.org ) at 2007-05-01 17:51 EEST
Interesting ports on 83.212.57.7:
Not shown: 1692 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
5190/tcp open  aol

Nmap finished: 1 IP address (1 host up) scanned in 1.123 seconds

I don't run ssh or telnet for sure.
Why does nmap report those ports to be open?

How can I close them?

If these ports are open you must run these services.

Please post the result of

ps -aux

Last edited by fk (2007-05-01 15:21:09)


Have you tried to turn it off and on again?


#5 2007-05-01 15:20:14

belhifet
Member
Registered: 2007-04-17
Posts: 39

Re: close ports

Well I did a pgrep for ssh, sshd and telnet and it didn't return anything.


#6 2007-05-01 15:21:18

fk
Member
From: Germany
Registered: 2006-04-29
Posts: 524

Re: close ports

belhifet wrote:

But how can they be open when I'm running no services that utilize them?

nmap localhost gives me only 6000 open, which is for X11.

You are behind an internet-access router from your ISP?

If yes, the router has these ports open.


Have you tried to turn it off and on again?


#7 2007-05-01 15:30:25

belhifet
Member
Registered: 2007-04-17
Posts: 39

Re: close ports

fk wrote:

If yes, the router has these ports open

Correct, I just realized that (a few seconds before your post, heh).

I closed all services on the router (including http) and now I have another problem.
I can't log in to my router through http anymore (because I closed the service, damn).

What can I do?


#8 2007-05-01 15:47:29

fk
Member
From: Germany
Registered: 2006-04-29
Posts: 524

Re: close ports

belhifet wrote:

If yes, the router has these ports open

Correct, I just realized that (a few seconds before your post, heh).

I closed all services on the router (including http) and now I have another problem.
I can't log in to my router through http anymore (because I closed the service, damn).

What can I do?

Reset the router.....


Have you tried to turn it off and on again?


#9 2007-05-01 15:48:52

belhifet
Member
Registered: 2007-04-17
Posts: 39

Re: close ports

That's the last resort.
Isn't there any other way?


#10 2007-05-01 15:50:44

fk
Member
From: Germany
Registered: 2006-04-29
Posts: 524

Re: close ports

If you stop all services on your router via which you can access the router remotely, this is the only way.


Have you tried to turn it off and on again?


#11 2007-05-01 16:30:56

broch
Banned
From: L.A. California
Registered: 2006-11-13
Posts: 975

Re: close ports

with iptables down:
nmap  xxx.xxx.xxx.xxx

Starting Nmap 4.20 ( http://insecure.org ) at 2007-05-01 09:22 PDT
All 1697 scanned ports on xxx.xxx.xxx.xxx are closed

Nmap finished: 1 IP address (1 host up) scanned in 0.146 second

also
[~]$ netstat -pantul
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
[~]$


all ports closed. Usually I run cups and openntpd so while nmap shows nothing (iptables up this time), netstat -pantul shows:

[~]$ netstat -pantul
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
udp        0      0 xxx.xxx.xxx.xxx:1043       xxx.xxx.xxx.xxx:123       ESTABLISHED -
udp        0      0 0.0.0.0:631             0.0.0.0:*                           -
[~]$

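The comparison this thread arrives at by hand (ports nmap shows open on the external IP versus sockets the machine itself is listening on) can be scripted. The following is an added example, not code from any poster: it marks each open port as `local` only if a non-loopback TCP LISTEN socket exists for it in `netstat -pantul` output. Both sample inputs are constructed from the output quoted in the thread, and the function names are assumptions.

```bash
#!/bin/sh
# Constructed sample: the scan of the external IP from the first post.
nmap_out='PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
5190/tcp open  aol'

# Constructed sample in "netstat -pantul" format: X11 on all interfaces,
# CUPS bound to loopback only, plus one UDP socket that must be ignored.
netstat_out='Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:6000    0.0.0.0:*       LISTEN  -
tcp        0      0 127.0.0.1:631   0.0.0.0:*       LISTEN  -
udp        0      0 0.0.0.0:631     0.0.0.0:*               -'

# Print the TCP port numbers that an nmap report (stdin) lists as open.
open_ports() {
  awk '$2 == "open" && $1 ~ /^[0-9]+\/tcp$/ { split($1, a, "/"); print a[1] }'
}

# Print ports of TCP LISTEN sockets (stdin: netstat output) that are
# reachable from other hosts, i.e. not bound to 127.0.0.0/8 or ::1.
exposed_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         n = split($4, a, ":"); port = a[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         if (addr !~ /^127\./ && addr != "::1") print port
       }'
}

# classify NMAP_TEXT NETSTAT_TEXT: one line per open port, "<port> local"
# if this machine listens on it, "<port> not-local" if some other device
# (for example a NAT router in front of the machine) answered the scan.
classify() {
  listeners=$(printf '%s\n' "$2" | exposed_listeners)
  printf '%s\n' "$1" | open_ports | while read -r p; do
    if printf '%s\n' "$listeners" | grep -qx -- "$p"; then
      echo "$p local"
    else
      echo "$p not-local"
    fi
  done
}

classify "$nmap_out" "$netstat_out"
```

On a live system, feed the functions real `nmap` and `netstat -pantul` output (run netstat as root so no sockets are hidden) instead of the embedded samples.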

#12 2007-05-01 19:01:04

belhifet
Member
Registered: 2007-04-17
Posts: 39

Re: close ports

Strange thing is that now that I have closed all services in my router I get:

Interesting ports on 192.168.1.1:
Not shown: 1693 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
5190/tcp open  aol

Nmap finished: 1 IP address (1 host up) scanned in 0.978 seconds

192.168.1.1 is my router.

But when I telnet to each one of those ports, it says:
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
Connection closed by foreign host.

So they're not open.

Why is this happening?


Also broch, aren't you running X11?


#13 2007-05-02 15:02:29

japetto
Member
From: Chicago, IL US
Registered: 2006-07-02
Posts: 183

Re: close ports

belhifet, you can run X11 and not have it listen for a tcp connection (-nolisten tcp).  See/search http://wiki2.archlinux.org/index.php/In … igure_xorg for details.
