On Sat, Apr 27, 2002, Eliran wrote about "Unknown Ports":
> I have just run netstat and found out that these ports are open:
> 515, 6000, 113, 25
> there are others but only these are connectable and in State LISTEN
> (netstat --inet -an), the 25 port is the mail server postscript and
> I allowed it.

You probably mean "postfix", not postscript ;)

To see which process is listening on these ports, add a "-p" option to
netstat (and run it as root, this is important!).

> Then what is port 515, 6000, 113 I thought 113 is some kind of another
> mail server (not to send mail, to receive mail) but it's not that.
>
> I have checked a list of ports but they were only trojan ports.

Your Linux installation probably includes a file /etc/services with a list
of ports useful on Linux machines. From my /etc/services:

    auth            113/tcp         authentication tap ident
    printer         515/tcp         spooler         # line printer spooler
    x11             6000/tcp        X               # the X Window System

So you probably have an identd listening on port 113, lpd listening on 515
and X Windows listening on 6000 (this is your.machine:0.0). A netstat -p
(like I explained above) would show you that.

> After googling for "Port 515" I found out this is a printer daemon
> (lpd) and I don't want others to be able to connect to it, is there
> a way to block it so only 127.0.0.1 will be able to connect to it ?
> (ipchains ?)

Yes. Here's a simple rule (untested, so please test it) not allowing
anything from ppp0 (assuming you connect externally with a modem) to
connect to these ports:

    ipchains -A input -i ppp0 -p tcp --dport 515 -j DENY -l
    ipchains -A input -i ppp0 -p tcp --dport 6000:6063 -j DENY -l
    ipchains -A input -i ppp0 -p tcp --dport 113 -j DENY -l

(note that the last rule, barring ident, will sometimes give you trouble if
you're trying to run a mail server or an IRC client on your machine, because
these things may insist that you run a responsive ident client).

What I actually do instead is to block all ports, except only a few which
I allow. But I'm really paranoid :)

> Googling for port 6000 tells me it is a remote X server, others
> can connect to it ?

Right...

> I also run an Identd application for IRC ident and that should be port 113.

So you already know the answers, so why ask? :)

> I need port 113 and 25 open, about the printer daemon... I need it to ..
> Port 25 is important for my mail, and I need it too.

Are you sure you need port 25 open? Why? Are you trying to run a mail
*server* on your machine?

> So what I don't need is port 25 and 113, X server (is this xfs?) should

No, xfs is the X *font* server.

--
Nadav Har'El                        | Saturday, Apr 27 2002, 15 Iyyar 5762
[EMAIL PROTECTED]                   |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Preserve wildlife -- pickle a squirrel
http://nadav.harel.org.il           |today!
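
Added example, not part of the original message or written by its author: a shell function that does the /etc/services lookup described in the reply for every TCP LISTEN line of `netstat --inet -an` output and marks whether the socket is bound to loopback only. The function names, the sample netstat output, the smtp entry and the port 8001 line are constructed for illustration.

```sh
#!/bin/sh
# Added example: name each TCP LISTEN socket via an /etc/services-format
# file and mark whether it is bound to loopback only.

services_sample() {   # constructed excerpt: entries quoted in the mail + smtp
cat <<'EOF'
smtp            25/tcp          mail
auth            113/tcp         authentication tap ident
printer         515/tcp         spooler         # line printer spooler
x11             6000/tcp        X               # the X Window System
EOF
}

netstat_sample() {    # constructed `netstat --inet -an` output
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8001          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:1034        192.168.1.9:22          ESTABLISHED
EOF
}

label_listeners() {   # $1 = services file; netstat output on stdin
    awk -v svc="$1" '
        BEGIN {       # load "port/proto" -> service name, ignoring comments
            while ((getline line < svc) > 0) {
                sub(/#.*/, "", line)
                n = split(line, f, /[ \t]+/)
                if (n >= 2 && f[2] ~ /^[0-9]+\/tcp$/) name[f[2]] = f[1]
            }
        }
        $1 == "tcp" && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            host = substr($4, 1, length($4) - length(port) - 1)
            scope = (host ~ /^127\./) ? "local-only" : "exposed"
            key = port "/tcp"
            print key, ((key in name) ? name[key] : "unknown"), scope
        }'
}

# Demo on the constructed data; on a real host run:
#   netstat --inet -an | label_listeners /etc/services
tmp=$(mktemp) && services_sample > "$tmp"
netstat_sample | label_listeners "$tmp"
rm -f "$tmp"
```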
