Newsgroups: gmane.linux.debian.user
Date: Fri, 13 Aug 2004 21:56:17 -0400
> I've just noticed that my debian testing open many ports by default:
>
> tcp        0      0 *:dict                  *:*                     LISTEN
> tcp        0      0 *:time                  *:*                     LISTEN
> tcp        0      0 *:discard               *:*                     LISTEN
> tcp        0      0 *:682                   *:*                     LISTEN
> tcp        0      0 *:daytime               *:*                     LISTEN
> tcp        0      0 *:sunrpc                *:*                     LISTEN
> tcp        0      0 *:www                   *:*                     LISTEN
> tcp        0      0 *:x11-1                 *:*                     LISTEN
> tcp        0      0 *:auth                  *:*                     LISTEN
> tcp        0      0 *:ssh                   *:*                     LISTEN
> tcp        0      0 cxmr.dyndns.org:8118    *:*                     LISTEN
> tcp        0      0 cxmr.dyndns.org:822     *:*                     LISTEN
> tcp        0      0 *:ipp                   *:*                     LISTEN
> tcp        0      0 *:3128                  *:*                     LISTEN
>
> udp        0      0 *:discard               *:*
> udp        0      0 *:676                   *:*
> udp        0      0 *:679                   *:*
> udp        0      0 *:icpv2                 *:*
> udp        0      0 *:bootpc                *:*
> udp        0      0 *:sunrpc                *:*
> udp        0      0 *:ipp                   *:*
>
> How can I close them?
Uninstall the respective services. Or, use a firewalling system (dedicated firewall, iptables, etc…)
To find out what service uses what port:
stefan:~$ sudo lsof -i tcp:www    # substitute your port name/number
Password:
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
apache  221 root   16u  IPv4    173      TCP  *:www (LISTEN)
apache  629 root   16u  IPv4    173      TCP  *:www (LISTEN)
apache  630 root   16u  IPv4    173      TCP  *:www (LISTEN)
apache  631 root   16u  IPv4    173      TCP  *:www (LISTEN)
apache  632 root   16u  IPv4    173      TCP  *:www (LISTEN)
apache  633 root   16u  IPv4    173      TCP  *:www (LISTEN)
Note that some services have options to use UNIX-domain sockets exclusively, such as the X-server (look for -nolisten tcp, etc).
You probably don't use all of these:
Webserver? If no, no apache.
Dict Server? Disable. The client uses dict.org, not localhost.
XServer? If you don't use the windowing system, get rid of it (note: _not_ using it is rare, GNOME/KDE require it)
SSH?
CUPS? (network printing)
As for discard/time/daytime, you need to comment out lines in your /etc/inetd.conf (but how can you exploit a service whose purpose is to discard everything you throw at it?)
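Added example for this thread (not any poster's code): the lsof approach above answers "which process owns this port" one port at a time. The script below works the other way round, reading netstat's "Local Address" column and sorting every listener into those bound to every interface ("exposed", the ones worth closing or firewalling first), loopback-only, and bound to one specific address. The sample input is constructed from the original poster's listing with two loopback lines added to show the other classes; audit_live and owner_of_pid assume a Linux netstat with -tulpn and a Debian system with dpkg.

```sh
#!/bin/sh
# Added example for this thread (not any poster's code): sort listening
# sockets into "exposed" (bound to every interface), "loopback" and "bound"
# (one specific address), using netstat's "Local Address" column.

# Constructed sample modelled on the original poster's netstat output;
# the 127.0.0.1, localhost and tcp6 lines are added to show every class.
SAMPLE='tcp        0      0 *:dict                  *:*                     LISTEN
tcp        0      0 127.0.0.1:ipp           *:*                     LISTEN
tcp        0      0 cxmr.dyndns.org:8118    *:*                     LISTEN
tcp6       0      0 :::ssh                  :::*                    LISTEN
udp        0      0 *:bootpc                *:*
udp        0      0 localhost:ipp           *:*'

# classify_listeners: reads "netstat -tul" style lines on stdin and prints
# "<class> <proto> <local address>" for each socket line, skipping headers.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        addr = $4
        # The port follows the last colon; everything before it is the host
        # (so ":::ssh" yields the IPv6 wildcard "::").
        n = split(addr, parts, ":")
        host = parts[1]
        for (i = 2; i < n; i++) host = host ":" parts[i]
        if (host == "*" || host == "0.0.0.0" || host == "::")
            class = "exposed"
        else if (host == "127.0.0.1" || host == "localhost" || host == "::1")
            class = "loopback"
        else
            class = "bound"
        print class, $1, addr
    }'
}

# count_exposed: how many sample sockets listen on every interface.
count_exposed() {
    printf '%s\n' "$SAMPLE" | classify_listeners | grep -c '^exposed '
}

# exposed_sockets: proto and address of each wildcard-bound sample socket.
exposed_sockets() {
    printf '%s\n' "$SAMPLE" | classify_listeners | awk '$1 == "exposed" { print $2, $3 }'
}

# audit_live: the same classification for the running system. -p needs
# root to show the owning PID; assumes Linux netstat.
audit_live() {
    netstat -tulpn 2>/dev/null | classify_listeners
}

# owner_of_pid PID: the Debian package shipping the process's executable,
# i.e. what to uninstall if the listener is not wanted (assumes dpkg).
owner_of_pid() {
    exe=$(readlink "/proc/$1/exe") || return 1
    dpkg -S "$exe" 2>/dev/null | cut -d: -f1
}
```

Run audit_live as root, then owner_of_pid on each PID from the exposed lines; anything that comes back as a package you do not need is a candidate for removal rather than firewalling, and anything you do need but only locally (CUPS, a proxy) should be moved from the exposed class to loopback by its own config, as the replies below describe per service.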
> I've just noticed that my debian testing open many ports by default:
Some of them are opened by inetd. You can use "dpkg-reconfigure inetd", or edit /etc/inetd.conf and comment out the protocols you don't need. After that, restart inetd.
> tcp 0 0 *:www *:* LISTEN
This is a web server, maybe apache. It probably runs in standalone mode. If you don't need it, deinstall it. You can also bind it to some or several IPs like Cups or ssh.
> tcp 0 0 *:x11-1 *:* LISTEN
Check your login manager. Maybe it opens a port. Look for Xservers files on your system. If you use kdm, open /etc/kde3/kdm/Xservers, and change all the lines like this:
original: :0 local@tty1 /usr/X11R6/bin/X vt7
changed: :0 local@tty1 /usr/X11R6/bin/X -nolisten tcp vt7
> tcp 0 0 *:auth *:* LISTEN
Some identd, like oidentd or pidentd. Probably run from inetd, and pretty harmless. You may need this one for some IRC networks. If you don't need it, deinstall it.
> tcp 0 0 *:ssh *:* LISTEN
Well, you should know what this is. You can configure ssh to listen only to selected IPs, e.g. those of your LAN interface, if you want. Check the sshd_config man page.
> tcp 0 0 *:ipp *:* LISTEN
Probably Cups printing. If you only use the printer on the computer Cups runs on, open /etc/cups/cupsd.conf, replace "Port 631" by "Listen 127.0.0.1:631" and restart Cups.
> udp 0 0 *:ipp *:*
Again Cups, this time browsing for network printers. If you don't need this, change "Browsing On" to "Browsing Off" in /etc/cups/cupsd.conf.
Andreas Janssen
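Added example for this thread (not any poster's code): the inetd step above, commenting out the protocols you don't need, done as a script so it can be repeated and reverted. It prefixes each matching line with "#<off># ", the same marker Debian's update-inetd --disable writes, so update-inetd --enable recognises the lines later. The sample inetd.conf is constructed in the layout of a Debian inetd.conf of the time, and the demo works on a temporary copy so it runs without root; for the real file call disable_inetd_services on /etc/inetd.conf and then restart inetd.

```sh
#!/bin/sh
# Added example for this thread (not any poster's code): disable services
# in an inetd.conf by commenting them out with the "#<off># " marker that
# Debian's update-inetd --disable uses, so the change stays reversible.

# Constructed sample in the layout of a Debian inetd.conf of the period.
SAMPLE_INETD='# /etc/inetd.conf:  see inetd(8) for further informations.
#:INTERNAL: Internal services
#echo       stream  tcp     nowait  root    internal
discard     stream  tcp     nowait  root    internal
discard     dgram   udp     wait    root    internal
daytime     stream  tcp     nowait  root    internal
time        stream  tcp     nowait  root    internal
#:STANDARD: These are standard services.
ident       stream  tcp     wait    identd  /usr/sbin/identd identd
'

# active_inetd_services FILE: service names of the lines inetd will act on
# (comments and blank lines skipped), one per line, deduplicated.
active_inetd_services() {
    awk 'NF > 0 && substr($0, 1, 1) != "#" { print $1 }' "$1" | sort -u
}

# disable_inetd_services FILE SERVICE...: comment out every active entry
# whose service field matches one of SERVICE exactly (both the tcp and udp
# "discard" lines, for instance); commented lines are left untouched, so
# running it twice is harmless.
disable_inetd_services() {
    file=$1; shift
    tmp=$(mktemp) || return 1
    awk -v svcs="$*" '
    BEGIN { n = split(svcs, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
    NF > 0 && substr($0, 1, 1) != "#" && ($1 in off) { print "#<off># " $0; next }
    { print }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# demo_disable: apply the change to a temporary copy of the sample and
# print the services still active, space separated.
demo_disable() {
    f=$(mktemp) || return 1
    printf '%s' "$SAMPLE_INETD" > "$f"
    disable_inetd_services "$f" discard daytime time
    disable_inetd_services "$f" discard daytime time   # second run: no change
    active_inetd_services "$f" | tr '\n' ' ' | sed 's/ $//'
    rm -f "$f"
}

# Real use (as root): disable_inetd_services /etc/inetd.conf discard daytime time
# followed by /etc/init.d/inetd restart so the listening sockets go away.
```

After the restart, re-check with lsof -i tcp:discard (and udp:discard) as in the earlier reply; inetd only closes the sockets once it has re-read the file, so an unchanged listing means the restart did not happen.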
% lsof -i tcp:time
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
inetd   651 root    7u  IPv4   1059      TCP  *:time (LISTEN)

% lsof -i tcp:daytime
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
inetd   651 root    6u  IPv4   1058      TCP  *:daytime (LISTEN)

% lsof -i tcp:dict
COMMAND   PID  USER   FD   TYPE DEVICE SIZE NODE NAME
dictd   21560 dictd   12u  IPv4 348620      TCP  *:dict (LISTEN)

% lsof -i tcp:682
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
rpc.statd 924 root    6u  IPv4   1528      TCP  *:682 (LISTEN)

% lsof -i tcp:sunrpc
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
portmap 480 daemon  4u  IPv4    570      TCP  *:sunrpc (LISTEN)

% lsof -i tcp:auth
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
inetd   651 root    8u  IPv4   1060      TCP  *:auth (LISTEN)

% lsof -i tcp:822
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
famd    646 root    3u  IPv4   1044      TCP  cxmr.dyndns.org:822 (LISTEN)

% lsof -i tcp:ipp
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
cupsd   9266 root    0u  IPv4 426221      TCP  *:ipp (LISTEN)

% lsof -i tcp:8118
COMMAND PID USER    FD   TYPE DEVICE SIZE NODE NAME
privoxy 768 privoxy  3u  IPv4   1195      TCP  cxmr.dyndns.org:8118 (LISTEN)

% lsof -i tcp:3128
COMMAND PID USER   FD   TYPE DEVICE SIZE NODE NAME
squid   996 proxy  11u  IPv4   1648      TCP  *:3128 (LISTEN)
% lsof -i tcp:dict
COMMAND   PID  USER   FD   TYPE DEVICE SIZE NODE NAME
dictd   21560 dictd   12u  IPv4 348620      TCP  *:dict (LISTEN)

% /etc/init.d/dictd stop

% update-rc.d -f dictd remove
update-rc.d: /etc/init.d/dictd exists during rc.d purge (continuing)
 Removing any system startup links for /etc/init.d/dictd ...
   /etc/rc0.d/K20dictd
   /etc/rc1.d/K20dictd
   /etc/rc2.d/S20dictd
   /etc/rc3.d/S20dictd
   /etc/rc4.d/S20dictd
   /etc/rc5.d/S20dictd
   /etc/rc6.d/K20dictd
Ref:
% update-rc.d dictd remove
update-rc.d: /etc/init.d/dictd exists during rc.d purge (use -f to force)

% update-rc.d dictd defaults 20
 Adding system startup for /etc/init.d/dictd ...
   /etc/rc0.d/K20dictd -> ../init.d/dictd
   /etc/rc1.d/K20dictd -> ../init.d/dictd
   /etc/rc6.d/K20dictd -> ../init.d/dictd
   /etc/rc2.d/S20dictd -> ../init.d/dictd
   /etc/rc3.d/S20dictd -> ../init.d/dictd
   /etc/rc4.d/S20dictd -> ../init.d/dictd
   /etc/rc5.d/S20dictd -> ../init.d/dictd