View Full Version : How do I close open ports?

09-06-2003, 01:09 AM
In testing my site after finding that AOL had blocked my emails due to purported spamming, I found that I have the following ports open: 21, 22, 25, 80, 110, 111, 139. Which of these must remain open, what are they for and which can I close - and how?

09-06-2003, 08:58 AM
OK, you should first see what each of these ports do so heres a list.

21 ftp
22 ssh
25 smtp
80 http
110 pop3
111 sunrpc
139 netbios

I'm going to assume you're talking about your hosted computer at westhost.

As far as I can tell, 111 and 139 shouldn't be open at all. You need to stop the portmap daemon and probably samba. Are these running by default on your westhost account? If so, why(this question is directed to westhost tech support)? As for the rest, it depends on what you are using you account for. These ports are normally closed by closing the associated daemons though.

ftp - ?
ssh - ssh
smtp - sendmail
http - apache
pop3 - ?
sunrpc - portmap
netbios - ?

I could be more specific about what you need to do, but unfortunately, I haven't been converted to westhost 2.0 yet, and I don't have a Red Hat (http://www.redhat.com/) box sitting in front of me.

09-06-2003, 09:14 AM
Yes, these are running by default, as I have not made any changes (nor do I really know how at this time). However, I imagine POP3 is open so access can be made to the POP server by the email programs?

And it seems I didn't wait quite long enough before posting last night because my port scanner also found port 32768 open. Any ideas what that one is for?

09-06-2003, 09:46 AM
And it seems I didn't wait quite long enough before posting last night because my port scanner also found port 32768 open. Any ideas what that one is for?

I can't find that one in my list. I don't know how much control westhost gives you, but if they give you root level access, you can find out what program has those ports open by issuing this command.

netstat -tupan | grep LISTEN

That has to be done as user root.

09-06-2003, 10:16 AM
I'm a relative newbie when it comes to UNIX systems. How do I make myself root? With the new system, I technically have root access as it's a virtual server.

09-06-2003, 10:25 AM
The su command is usually how you do that - but it seems to be missing from our installs.... it seems westhost assumes if we log in as the default account we don't need to (s)witch(u)sers...?

As for that port 32768...

I found a reference on the securityfocus lists and it seems as though it is rpc related and is open by default in (at least) red hat 7.1 ........ rpc.statd seems to be what uses it (according to the securityfocus/newsgroup threads I found.)


09-06-2003, 12:52 PM
If you don't know UNIX commands and you're responsible for the server I strongly suggest you hire someone who has experience and knows what they're doing. An open webserver is an invitation to disaster. If you don't know how to lock it down you are wide open to exploitation. Hire someone and look over their shoulder so you can learn too. But get it locked down fast before someone finds it and hacks it. :!:

09-06-2003, 03:05 PM
Thatnks for the advice. Unfortunately that requires having money to hire someone - something I don't have. If you have nothing useful to say in response to my <u>specific</u> questions, please don't respond.