how can i close port number 6000 & 515 ?
Hi all! Can me tell somebody tell me, how do i can close a port number 6000 - a X-xerver port and a port numer 515 - a printer-port ?? When I scan ports I get following: ------------------------------- v2@jeronimo:~ > nmap localhost Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ ) Interesting ports on localhost (127.0.0.1): (The 1519 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 515/tcp open printer 6000/tcp open X11 Nmap run completed -- 1 IP address (1 host up) scanned in 1 second v2@jeronimo:~ > -------------------------------- I would like to have only 2 ports open - ftp & ssh. Thanx a lot. Vladimir.
Hi Vladimir
Can me tell somebody tell me, how do i can close a port number 6000 - a X-xerver port and a port numer 515 - a printer-port ??
Look at the FAQ at www.susececurity.com/faq about how to make X stop listening at port 6000. About the printer port, I don't now, sorry. Bye, Armin
Can me tell somebody tell me, how do i can close a port number 6000 - a X-xerver port and a port numer 515 - a printer-port ?? About the printer port, I don't now, sorry. The printer-port can be stopped by not starting lpd. (START_LPD=no)
bye! Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
On Sun, 11 Feb 2001, [iso-8859-1] Armin Schöch wrote:
Can me tell somebody tell me, how do i can close a port number 6000 - a X-xerver port and a port numer 515 - a printer-port ??
Look at the FAQ at www.susececurity.com/faq about how to make X stop listening at port 6000. About the printer port, I don't now, sorry.
If you want to print, I think you need lpd or inetd listening on this port, but you can restrict it to localhost by setting something like lpd: ALL EXCEPT 127.0.0.1 in /etc/hosts.deny I don't know, if lpd is respecting this file, so starting it by inetd with a line like printer stream tcp nowait root /usr/sbin/tcpd /usr/bin/lpd -i in /etc/inetd.conf could be better than lpd standalone. If you don't want to print, just set START_LPD=no in /etc/rc-config or deinstall the lpd-package. Hope, this helps! Peter -- Peter Münster http://notrix.net/pm-vcard
Hi, On Sunday 11 February 2001 14:59, Vladimir Vecgailis wrote:
Hi all!
Can me tell somebody tell me, how do i can close a port number 6000 - a X-xerver port and a port numer 515 - a printer-port ??
For X: start X with "-nolisten tcp", so if you use xdm you can edit /var/X11R6/lib/xdm/Xservers and add this to the server startup options. Printer port (515): Use ipchains: /sbin/ipchains -A input -p tcp -d 0.0.0.0./0 515 -i eth0 -l -j REJECT /sbin/ipchains -A input -p udp -d 0.0.0.0./0 515 -i eth0 -l -j REJECT Replace eth0 with the network interface you are using. Also, be aware that ftp and ssh might be remotely exploitable on your machine, so it's a good idea to restrict connections to clients you can trust, and watch out for the latest patches. Both ftp and sshd honour /etc/hosts.(deny|allow). You may also consider restricting access to ssh by adding an "AllowHosts ..." statement to /etc/sshd_config. Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany E-Mail (work): lewelin@uni-muenster.de
participants (5)
-
Armin Schöch -
Markus Gaugusch -
Martin Leweling -
Peter Münster -
Vladimir Vecgailis