PDA

View Full Version : How do I close open ports?



Blackfyr
09-06-2003, 01:09 AM
In testing my site after finding that AOL had blocked my emails due to purported spamming, I found that I have the following ports open: 21, 22, 25, 80, 110, 111, 139. Which of these must remain open, what are they for and which can I close - and how?

torrin
09-06-2003, 08:58 AM
OK, you should first see what each of these ports do so heres a list.

21 ftp
22 ssh
25 smtp
80 http
110 pop3
111 sunrpc
139 netbios

I'm going to assume you're talking about your hosted computer at westhost.

As far as I can tell, 111 and 139 shouldn't be open at all. You need to stop the portmap daemon and probably samba. Are these running by default on your westhost account? If so, why(this question is directed to westhost tech support)? As for the rest, it depends on what you are using you account for. These ports are normally closed by closing the associated daemons though.

ftp - ?
ssh - ssh
smtp - sendmail
http - apache
pop3 - ?
sunrpc - portmap
netbios - ?

I could be more specific about what you need to do, but unfortunately, I haven't been converted to westhost 2.0 yet, and I don't have a Red Hat (http://www.redhat.com/) box sitting in front of me.

Blackfyr
09-06-2003, 09:14 AM
Yes, these are running by default, as I have not made any changes (nor do I really know how at this time). However, I imagine POP3 is open so access can be made to the POP server by the email programs?

And it seems I didn't wait quite long enough before posting last night because my port scanner also found port 32768 open. Any ideas what that one is for?

torrin
09-06-2003, 09:46 AM
And it seems I didn't wait quite long enough before posting last night because my port scanner also found port 32768 open. Any ideas what that one is for?

I can't find that one in my list. I don't know how much control westhost gives you, but if they give you root level access, you can find out what program has those ports open by issuing this command.

netstat -tupan | grep LISTEN

That has to be done as user root.

Blackfyr
09-06-2003, 10:16 AM
I'm a relative newbie when it comes to UNIX systems. How do I make myself root? With the new system, I technically have root access as it's a virtual server.

ajparker
09-06-2003, 10:25 AM
The su command is usually how you do that - but it seems to be missing from our installs.... it seems westhost assumes if we log in as the default account we don't need to (s)witch(u)sers...?

As for that port 32768...

I found a reference on the securityfocus lists and it seems as though it is rpc related and is open by default in (at least) red hat 7.1 ........ rpc.statd seems to be what uses it (according to the securityfocus/newsgroup threads I found.)

Avery

gbanse
09-06-2003, 12:52 PM
Blackfyr,
If you don't know UNIX commands and you're responsible for the server I strongly suggest you hire someone who has experience and knows what they're doing. An open webserver is an invitation to disaster. If you don't know how to lock it down you are wide open to exploitation. Hire someone and look over their shoulder so you can learn too. But get it locked down fast before someone finds it and hacks it. :!:

Blackfyr
09-06-2003, 03:05 PM
Thatnks for the advice. Unfortunately that requires having money to hire someone - something I don't have. If you have nothing useful to say in response to my <u>specific</u> questions, please don't respond.