nmap showing cups/nfs open to outside.
Hi,

I did an nmap scan on my computer itself in three ways and realized that both the cups and nfs services are in fact listening on the external interfaces (last case as MYCOMP.MYDOMAIN):

###########################
# nmap localhost && nmap 192.168.0.1 && nmap IP.IP.IP.IP

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-09-02 16:34 CEST
Interesting ports on localhost (127.0.0.1):
(The 1658 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
25/tcp   open  smtp
111/tcp  open  rpcbind
631/tcp  open  ipp
930/tcp  open  unknown
2049/tcp open  nfs

Nmap finished: 1 IP address (1 host up) scanned in 0.564 seconds

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-09-02 16:34 CEST
Interesting ports on trinity.skynet (192.168.0.1):
(The 1657 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
631/tcp  open  ipp
930/tcp  open  unknown
2049/tcp open  nfs
3128/tcp open  squid-http

Nmap finished: 1 IP address (1 host up) scanned in 0.562 seconds

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-09-02 16:34 CEST
Interesting ports on MYCOMP.MYDOMAIN (IP.IP.IP.IP):
(The 1659 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
111/tcp  open  rpcbind
631/tcp  open  ipp
930/tcp  open  unknown
2049/tcp open  nfs

Nmap finished: 1 IP address (1 host up) scanned in 0.559 seconds
###########################

Previously I could successfully stop smtp/ssh/squid from listening on my external interface; could you please advise how to stop the above two from doing the same?! I'm not afraid too much, because the firewall is on, but...

Thank you,
Pelibali
On Saturday 02 September 2006 06:49, pelibali wrote:
Previously I could successfully stop smtp/ssh/squid from listening on my external interface; could you please advise how to stop the above two from doing the same?! I'm not afraid too much, because the fire-
The configuration of these is in the respective config files of those packages. Take a look at /etc/ssh/sshd_config and the squid configuration, and the configuration files for whatever smtp service you are running.

--
_____________________________________
John Andersen
On 02/09/06 08:49, pelibali wrote:
Hi,
I did an nmap scan on my computer itself in three ways and realized that both the cups and nfs services are in fact listening on the external interfaces (last case as MYCOMP.MYDOMAIN):
<snip>
Previously I could successfully stop smtp/ssh/squid from listening on my external interface; could you please advise how to stop the above two from doing the same?! I'm not afraid too much, because the firewall is on, but...

By default, services such as nfs, ipp and samba will listen on every network device you have, but that should not pose a problem if you have a good firewall. SuSEfirewall2, for example, will reject any new connections on ports that you do not explicitly allow, even though running nmap on your own external interface indicates they are open (that is probably due to the fact you are connecting to the interface from localhost).
Go to one of those external sites (google for port.scan and pick one,
you'll want to find one that does both TCP and UDP scans, most only do
TCP) to check which ports really are open on your system. If anything is
open that should be closed, the SuSEfirewall variables you need to check
are FW_SERVICES_EXT_* in /etc/sysconfig/SuSEfirewall2.
You can stop CUPS from listening on the external interface by editing
/etc/cups/cupsd.conf. I have not found a way to do this one in Yast
(which can do most other CUPS configuration operations), so you'll need
to edit it manually. Search for and comment out the line "Port 631", and
add the following lines:
Listen localhost:631
Listen
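The point above is that an nmap run from the machine itself does not tell you which listeners are reachable from outside, only which ports are bound. Before going to an external scanner, you can see locally which daemons are bound to the wildcard address (0.0.0.0 or ::, i.e. every interface) and which to one specific address. The script below is an added example, not code from anyone in this thread; it parses the classic `netstat -tln` layout (Local Address in column 4) and the two samples it contains are constructed to mirror the ports from the scans above, before and after giving cupsd explicit Listen lines.

```shell
#!/bin/sh
# Added example (not from the thread): audit which TCP listeners are bound
# to every interface (wildcard address 0.0.0.0 or ::) and which to a single
# address. Reads `netstat -tln` style output on stdin. To audit a real host,
# source this file and run:  netstat -tln | wildcard_listeners

# Constructed sample: the state the first scan in the thread showed (rpcbind,
# cups, port 930 and nfs on 0.0.0.0; smtp, ssh and squid already restricted).
SAMPLE_BEFORE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:930             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:22          0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:3128        0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# Constructed sample: the same host after cupsd.conf was given explicit
# "Listen 127.0.0.1:631" and "Listen 192.168.0.1:631" lines.
SAMPLE_AFTER='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:631         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:930             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:22          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# Print, sorted and one per line, every TCP port whose listener is bound to
# a wildcard address. These are reachable on any interface unless the
# firewall blocks them, whatever nmap run from localhost reports.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, parts, ":")        # text after the last ":" is the port
        port = parts[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::" || host == "*")
            print port
    }' | sort -n | uniq
}

# Print the local address(es) a given TCP port is bound to, in input order.
# Use it after editing a daemon config to confirm the bind really changed.
addresses_for_port() {
    awk -v p="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, parts, ":")
        if (parts[n] == p)
            print substr($4, 1, length($4) - length(p) - 1)
    }'
}

# Stand-alone run against the constructed samples.
echo "wildcard-bound ports before the cupsd.conf change:"
printf '%s\n' "$SAMPLE_BEFORE" | wildcard_listeners
echo "wildcard-bound ports after:"
printf '%s\n' "$SAMPLE_AFTER" | wildcard_listeners
echo "addresses bound for port 631 after:"
printf '%s\n' "$SAMPLE_AFTER" | addresses_for_port 631
```

Note that the IPv6 wildcard `:::22` is reported too: a daemon restricted to 192.168.0.1 on IPv4 can still be bound to every interface on IPv6, which a single-stack scan from localhost will not make obvious.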
Hi, On Sat, 2 Sep 2006 16:49:08 +0200 pelibali <...> wrote:
scanning the same comp in three ways:

nmap localhost
PORT     STATE SERVICE
111/tcp  open  rpcbind
631/tcp  open  ipp
930/tcp  open  unknown
2049/tcp open  nfs
...
nmap 192.168.0.1 (int)
PORT     STATE SERVICE
111/tcp  open  rpcbind
631/tcp  open  ipp
930/tcp  open  unknown
2049/tcp open  nfs
...
nmap IP.IP.IP.IP (ext)
PORT     STATE SERVICE
111/tcp  open  rpcbind
631/tcp  open  ipp
930/tcp  open  unknown
2049/tcp open  nfs
This is the time now to answer half of my previous question. I went for the file /etc/cups/cupsd.conf and defined

Listen 127.0.0.1:631
Listen 192.168.0.1:631

there, which caused cupsd to stop listening on the external interface. BUT the nfs-related things I couldn't hide, because I didn't find the respective place where I could explicitly say that they should run only on internal interfaces. I'm on my way to digesting all the literature on rpc calls and hosts.deny/allow, but I'm sure there must be a better way than to firewall only these ports and define e.g. exact internal IPs in the /etc/exports file on the nfs server...

Thanks,
Pelibali
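Since NFS is reached through the portmapper and the kernel server rather than a daemon with its own bind address, the place where the exposure is actually decided is the client list in /etc/exports (plus the firewall in front of 111 and 2049). The script below is an added example, not code from anyone in this thread; it audits an exports file for shares that are not pinned to the internal network. The exports content is constructed, and the internal prefix 192.168.0. (taken from the scans above) is an assumption passed as a parameter.

```shell
#!/bin/sh
# Added example (not from the thread): audit /etc/exports for shares that
# are exported to the world, to hosts outside the internal network, or with
# no_root_squash. Reads the exports file on stdin.

# Constructed /etc/exports for this example (not a real file from the thread).
SAMPLE_EXPORTS='# constructed /etc/exports
/srv/public     *(ro,root_squash)
/home           192.168.0.0/24(rw,root_squash,sync)
/srv/build      192.168.0.5(rw,no_root_squash)
/srv/open       (rw)
/srv/docs       192.168.0.1(ro)  10.0.0.0/8(ro)
/srv/scratch'

# Print one finding per line:  <path> <client> <reason>
# $1 is the address prefix every client must start with (defaults to the
# assumed internal net 192.168.0.); a plain string-prefix check, which is
# enough for a single /24 but not a general CIDR test.
audit_exports() {
    awk -v net="${1:-192.168.0.}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            path = $1
            if (NF == 1) { print path " <none> no-client-list"; next }
            for (i = 2; i <= NF; i++) {
                spec = $i; client = spec; opts = ""
                p = index(spec, "(")
                if (p > 0) { client = substr(spec, 1, p - 1); opts = substr(spec, p) }
                shown = (client == "") ? "<any>" : client
                # "*" or an empty client (the classic "/dir (rw)" space slip)
                # exports the share to every host that can reach port 2049.
                if (client == "" || client == "*")
                    print path " " shown " world-exported"
                else if (index(client, net) != 1)
                    print path " " shown " outside-internal-net"
                if (index(opts, "no_root_squash") > 0)
                    print path " " shown " no_root_squash"
            }
        }'
}

# Exit 0 when the file on stdin has no findings, 1 otherwise, so the check
# can run from cron or before exportfs -ra is invoked.
exports_clean() {
    [ -z "$(audit_exports "$1")" ]
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

Running it on the sample reports `/srv/public` and `/srv/open` as world-exported (the second only because of the space before `(rw)`), `/srv/docs` for the 10.0.0.0/8 client, `/srv/build` for no_root_squash, and `/srv/scratch` for having no client list at all; `/home` passes. Pair this with hosts.allow/hosts.deny entries for portmap and the FW_SERVICES_EXT_* settings mentioned earlier, since the exports list restricts who may mount, not who may talk to rpcbind.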
participants (3)
- Darryl Gregorash
- John Andersen
- pelibali