Mailinglist Archive: opensuse (4053 mails)

Re: [SLE] port closing
  • From: Gideon Hallett <diogenes@xxxxxxxxxx>
  • Date: Tue, 7 Aug 2001 20:26:31 +0000
  • Message-id: <0df663727190781PCOW024M@xxxxxxxxxxxxxxxx>
On Tuesday 07 August 2001 6:52 pm, daniel quinn wrote:
> all this talk of the code red thing has got me wondering about the status of
> my ports. how do i check to see which are open/closed? and how do i
> open/close them?

The easiest way (IMO) is to do what any would-be intruder will do - portscan
yourself.

Make sure you've got nmap installed, then try something along the lines of

'nmap -v -O 192.168.242.1' (or whatever your *net*-facing IP address is).

It will scan all open ports on your machine and report back on which ones are
open.

Here's one I prepared earlier;

==================================
> nmap -v -O a.b.c.d (obviously, IP addresses and DNS names have been
changed!)

Starting nmap V. 2.54BETA28 ( www.insecure.org/nmap/ )
No tcp,udp, or ICMP scantype specified, assuming vanilla tcp connect() scan.
Use -sP if you really don't want to portscan (and just want to see what hosts
are up).
Host a-b-c-d.blueyonder.co.uk (a.b.c.d) appears to be up ... good.
Initiating Connect() Scan against a-b-c-d.blueyonder.co.uk (a.b.c.d)
Adding open port 22/tcp
Bumping up senddelay by 10000 (to 10000), due to excessive drops
Bumping up senddelay by 20000 (to 30000), due to excessive drops
Bumping up senddelay by 30000 (to 60000), due to excessive drops
Bumping up senddelay by 40000 (to 100000), due to excessive drops
Bumping up senddelay by 50000 (to 150000), due to excessive drops
Bumping up senddelay by 60000 (to 210000), due to excessive drops
Bumping up senddelay by 75000 (to 285000), due to excessive drops
Bumping up senddelay by 75000 (to 360000), due to excessive drops
The Connect() Scan took 1542 seconds to scan 1548 ports.
For OSScan assuming that port 22 is open and port 1 is closed and neither are
firewalled
Interesting ports on a-b-c-d.blueyonder.co.uk (a.b.c.d):
(The 1547 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh

Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86)
Uptime 8.358 days (since Mon Jul 30 10:41:40 2001)
TCP Sequence Prediction: Class=random positive increments
Difficulty=3030585 (Good luck!)
IPID Sequence Generation: All zeros

Nmap run completed -- 1 IP address (1 host up) scanned in 1545 seconds
======================================

Once you've got a handle on which ports are open, you can close them by
commenting out lines in /etc/inetd.conf (shutting down the services) or by
configuring your firewall to block out the appropriate traffic (as you can
see above, I block *all* incoming traffic apart from ssh).

Hope this helps; and if I've missed anything, I'm sure people will correct me.

cheers,
Gideon.
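
The inetd.conf step described in the message above, as an added example that is not part of the original post: shell functions that list which inetd services are still enabled and comment one out in a copy of the file. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. inetd.conf layout assumed here (the traditional one):
#   service  socket-type  protocol  wait-flag  user  server  [args]

# Write a constructed sample file to $1 (not taken from any real host).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample in inetd.conf layout
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    dgram   udp  wait    root    internal
EOF
}

# List every enabled (uncommented) entry in file $1 as service/protocol.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Print file $1 with every enabled entry for service $2 commented out.
# Already-commented lines and other services pass through unchanged.
inetd_disable() {
    awk -v svc="$2" '
        !/^[ \t]*#/ && NF >= 6 && $1 == svc { print "#" $0; next }
        { print }' "$1"
}

# Demo on the constructed sample; the real /etc/inetd.conf is never touched.
conf=$(mktemp)
write_sample "$conf"
echo "enabled before:"
inetd_enabled "$conf"
inetd_disable "$conf" telnet > "$conf.new"
echo "enabled after commenting out telnet:"
inetd_enabled "$conf.new"
rm -f "$conf" "$conf.new"
```

Once an edited copy replaces the real /etc/inetd.conf, inetd has to re-read its configuration (traditionally on SIGHUP) before the port actually closes; a repeat nmap run confirms it.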
