On Sat, Apr 27, 2002 at 12:42:11PM +0300, Guy Cohen wrote:
> On Sat, Apr 27, 2002 at 12:27:37PM +0300, Eliran wrote:
> > On Sat, Apr 27, 2002 at 12:17:12PM +0300, Nadav Har'El wrote:
> > > On Sat, Apr 27, 2002, Eliran wrote about "Unknown Ports":
> > > > I have just run netstat and found out that these ports are open:
> > > > 515, 6000, 113, 25
> > > > there are others but only these are connectable and in State LISTEN
> > > > (netstat --inet -an), the 25 port is the mail server postscript and
> > > > I allowed it.
> > > 
> > > You probably mean "postfix", not postscript ;)
> > > To see which process is listening on these ports, add a "-p" option to
> > > netstat (and run it as root, this is important!). 
> > 
> > Yep I do. and port 6000 is being used by X.
> > 
> > Here is the output of netstat --inet -an -p
> > 
> > tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      647/lpd Waiting
> > tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      1021/X
> > tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN      605/identd
> > tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      932/master
> > 
> > Since when does X open a port on my computer? And accessible by anyone with an
> > internet connection?
> 
> It always does. Start it with the -nolisten tcp flag.

Let's say I don't, what can others do? They connect to the machine and?
What are the commands?

> 
> > 
> > > 
> > > > Then what are ports 515, 6000, 113? I thought 113 is some kind of another
> > > > mail server (not to send mail, to receive mail) but it's not that.
> > > > 
> > > > I have checked a list of ports but they were only trojan ports.
> > > 
> > > Your linux installation probably includes a file /etc/services with a
> > > list of ports useful on Linux machines. From my /etc/services:
> > > 
> > > auth            113/tcp         authentication tap ident
> > > printer         515/tcp         spooler         # line printer spooler
> > > x11             6000/tcp        X               # the X Window System
> > > 
> > > So you probably have an identd listening on port 113, lpd listening on
> > > 515 and X Windows listening on 6000 (this is your.machine:0.0). A
> > > netstat -p (like I explained above) would show you that.
> > > 
> > > 
> > > > After googling for "Port 515" I found out this is a printer daemon
> > > > (lpd) and I don't want others to be able to connect to it. Is there
> > > > a way to block it so only 127.0.0.1 will be able to connect to it?
> > > > (ipchains?)
> > > 
> > > Yes.
> > > 
> > > Here's a simple rule (untested, so please test it) not allowing anything
> > > from ppp0 (assuming you connect externally with a modem) to connect to these
> > > ports:
> > > ipchains -A input -i ppp0 --dport 515 -j DENY -l
> > > ipchains -A input -i ppp0 --dport 6000:6063 -j DENY -l
> > > ipchains -A input -i ppp0 --dport 113 -j DENY -l
> > > 
> > > (note that the last rule, barring ident, will sometimes give you trouble if
> > > you're trying to run a mail server or an IRC client on your machine, because
> > > these things may insist that you run a responsive ident client).
> > > 
> > 
> > ipchains: can only specify ports for icmp, tcp or udp
> > Try `ipchains -h' or 'ipchains --help' for more information.
> > 
> > I think you need to specify what protocol to use: icmp, tcp or udp. They are all TCP
> 
> Maybe instead of going out of your horses to block this port, start
> the lp daemon to listen only on localhost

If I won't, others will be able to print stuff without my authorization by just
telnetting into it and typing a few commands? Are RFCs a good resource to
learn about these?

> 
> > 
> > > What I actually do instead is to block all ports, except only a few which
> > > I allow. But I'm really paranoid :)
> > > 
> > me too.
> > 
> > > > Googling for port 6000 tells me it is a remote X server, others
> > > > can connect to it ?
> > > 
> > > Right...
> > > 
> > > > I also run an Identd application for IRC ident and that should be port 113.
> > > 
> > > So you already know the answers, so why ask? :)
> > 
> > It's not the point, read the rest.
> > 
> > > 
> > > > I need port 113 and 25 open, about the printer daemon... I need it to
> > > ...
> > > > Port 25 is important for my mail, and I need it too.
> > > 
> > > Are you sure you need port 25 open? Why? Are you trying to run a mail
> > > *server* on your machine?
> > 
> > I know sendmail is problematic, I searched bugtraq and packetstorm for exploits/holes/bugs
> > in my current sendmail 8.11.2-14
> > 
> > > 
> > > > So what I don't need is port 25 and 113 , X server (is this xfs?) should
> > > 
> > > No, xfs is the X *font* server.
> > 
> > So how do I block this the X port or just not LISTENing ?
> > 
> > Thanks!
> > > 
> > > -- 
> > > Nadav Har'El                        |     Saturday, Apr 27 2002, 15 Iyyar 5762
> > > [EMAIL PROTECTED]             |-----------------------------------------
> > > Phone: +972-53-245868, ICQ 13349191 |Preserve wildlife -- pickle a squirrel
> > > http://nadav.harel.org.il           |today!
> > > 
> > 
> > -- 
> >             <a href="http://eg-site.tripod.com";>Eliran</a>
> > 
> > I wrote a song, but I can't read music so I don't know what it is.
> > Every once in a while I'll be listening to the radio and I say, "I think
> > I might have written that."
> >                                             -- Stephen Wright
> > 
> > =================================================================
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> 

-- 
                <a href="http://eg-site.tripod.com";>Eliran</a>

For my birthday I got a humidifier and a de-humidifier... I put them
in the same room and let them fight it out...
                                                -- Stephen Wright
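
The listener check discussed in this thread, written out as an added example that is not part of the original messages: it reads `netstat --inet -an -p` output and reports TCP listeners bound to 0.0.0.0 that are not on an allow-list. The function names and the loopback sample line are constructed for illustration; the other sample lines are the ones quoted above, and the allow-list of 25 and 113 follows the poster's statement that those ports are needed.

```shell
#!/bin/sh
# Added example: audit netstat output for TCP listeners reachable on
# every interface (local address 0.0.0.0).

# Sample input: the four listener lines quoted in the thread, plus one
# constructed loopback-only listener (port 8080, "exampled") for contrast.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      647/lpd Waiting
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      1021/X
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN      605/identd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      932/master
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      700/exampled
EOF
}

# exposed_listeners ALLOWED
#   stdin:   output of `netstat --inet -an -p`
#   ALLOWED: space-separated ports that are meant to be reachable
#   stdout:  "port pid program" for every other wildcard-bound TCP listener
exposed_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "tcp" && $6 == "LISTEN" {
            k = split($4, addr, ":")            # local address is host:port
            port = addr[k]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host != "0.0.0.0" || (port in ok)) next
            split($7, proc, "/")                # PID/Program name column
            # Without root, netstat prints "-" here and no program name.
            name = (proc[2] == "" ? "-" : proc[2])
            print port, proc[1], name
        }'
}

# On a live host (as root, so -p can show the owning process):
#   netstat --inet -an -p | exposed_listeners "25 113"
```

Listeners it reports are candidates for either a localhost-only bind or a firewall rule, the two options raised in the thread.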
