One Question Herb are you running webmin? That typically uses port 10000. If so remove it and you should be fine.
Bryan Dyson LAN Administrator Solana Beach Presbyterian Church (858) 509-2580 www.solanapres.org -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H. Robinson, IV Sent: Tuesday, July 05, 2005 2:20 PM To: Friendly list for people new to Linux Subject: Re: Closing port 10000 Herb French wrote: > At 11:05 PM 7/5/2005 +0700, you wrote: > > > >Herb French wrote: > >> > >> I have had my LAN port disabled because my RH box was found to have open > >> port TCP/10000, which our network admins feel which could indicate > >> Veritas backup software is being used, although it isn't. > >> > >> How do I go about disabling port 10000? > > > >Do you believe that port 10000 is open? What happens if you telnet to > >it? Do you get a connection? > > No connection > > >Does netstat --listen show anything > >listening on it? > > > >If so you can run this command to see what is on that port: > > > >/sbin/fuser -n tcp 10000 > > No one listening > > >Then kill the process or remote the server from the init scripts or > >whatever. > > I'd prefer to close the port and leave it closed until such time as I would > need it. > Could you coach me through? > > > As a last resort you can set up some iptables rules to block > >access to that port and you can also block the ip/netblock of the nosey > >network admins from talking to your computer. Of course I would only > >recommend that if you are SURE you know what you are doing. :) Ports are by default closed, unless something opens them. The first tests were to see if they were open or not. Tests indicated that they were indeed closed. If you have a copy of nmap, you can run a couple of tests: 1) from localhost (usually easier, but less accurate) nmap -sT -p 10000 localhost 2) from another system (sometimes more difficult, but more accurate results) nmap -sT -p 10000 <name or ip address of system in question> You should see something like this: % nmap -sT -p 10000 localhost Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) The 1 scanned port on localhost (127.0.0.1) is: closed Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds If it is not in closed, then something has it open (or filtered). The task becomes to find what that *something* is. netstat should tell you what that something is. Good luck! -john -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
