On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote: > Hi, > I disabled all but a few ports in /etc/services, but I have > tcp 0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
/etc/services does not enable or disable ports. It is merely a database
mapping commonly used ports to names. Nothing more.
> 25/tcp open smtp
> 37/tcp open time
> 66/tcp open sql*net
> 80/tcp open http
> 110/tcp open pop-3
> 443/tcp open https
> 3306/tcp open mysql
> open. How can I close ports 111 and 859? They are not enabled in
> /etc/services
Well, port 111 used to be in /etc/services, before you deleted it. But
as I said, that has no effect on anything. You need to find out what
process is listening on that particular port, then figure out why it's
running. If you've got fuser installed, try running 'fuser -n TCP 111'
to see what process is listening on port 111. Or you can do something
like netstat -npl | egrep '\:111[[:space:]]'
You will discover that portmap is listening on port 111 and something
like rpc.statd is running on 859. If you don't use NFS, you can disable
both of these. /etc/init.d/nfs-common stop will shut rpc.statd down,
and 'find /etc/ -name S??nfs-common -exec rm -f {} \;' will prevent it
from starting on future system boots.
/etc/init.d/portmap stop will shutdown portmap. 'rm -rf
/etc/rcS.d/S41portmap' will stop it from starting on future reboots.
Note that the right hand column in nmap's output is *not* meant to tell
you what service is listening on that port. It is only there to let you
know what service commonly listens on that port. Some services listen
on dynamically chosen ports. Are you sure you're runing https and
sql*net?
noah
--
_______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
pgpcbwEaScV6d.pgp
Description: PGP signature
