My bro's fscking box..1001 ports open..arg help..


gmoreno
12-21-2000, 02:09 PM
My bro's box has 1001 ports open. How can I close them, when he only has one open in inetd.conf?

nmap localhost:

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1496 ports scanned but not shown below are in state: closed)
Port State Service
1/tcp open tcpmux
11/tcp open systat
15/tcp open netstat
22/tcp open ssh
25/tcp open smtp
79/tcp open finger
80/tcp open http
111/tcp open sunrpc
119/tcp open nntp
143/tcp open imap2
515/tcp open printer
540/tcp open uucp
587/tcp open submission
635/tcp open unknown
1080/tcp open socks
1524/tcp open ingreslock
2000/tcp open callbook
3306/tcp open mysql
6000/tcp open X11
6667/tcp open irc
12345/tcp open NetBus
12346/tcp open NetBus
31337/tcp open Elite
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

/etc/inetd.conf:
# See "man 8 inetd" for more information.
#
# If you make changes to this file, either reboot your machine or send the
# inetd a HUP signal:
# Do a "ps x" as root and look up the pid of inetd. Then do a
# "kill -HUP <pid of inetd>".
# The inetd will re-read this file whenever it gets that signal.
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
# The first 4 services are really only used for debugging purposes, so
# we comment them out since they can otherwise be used for some nasty
# denial-of-service attacks. If you need them, uncomment them.
# echo stream tcp nowait root internal
# echo dgram udp wait root internal
# discard stream tcp nowait root internal
# discard dgram udp wait root internal
# daytime stream tcp nowait root internal
# daytime dgram udp wait root internal
# chargen stream tcp nowait root internal
# chargen dgram udp wait root internal
# time stream tcp nowait root internal
# time dgram udp wait root internal
#
# These are standard services.
#
# ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -l -i -a
# telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#
# Use this one instead if you want to snoop on telnet users (try to use this
# for ethical purposes, ok folks?), and see 'man ttysnoop' and /etc/snooptab
# for further instructions:
# telnet stream tcp nowait root /usr/sbin/tcpd in.telnetsnoopd
#
# This is for BSD sendmail. NOTE: It's not a good idea to uncomment this
# one, since sendmail is already set up to run as a daemon in /etc/rc.d/rc.M.
# But, if you really want to run sendmail this way for some reason, you'll
# need to uncomment the smtp line below AND change the line in /etc/rc.d/rc.M
# to run sendmail like this: /usr/sbin/sendmail -q30m
# ...otherwise the queue will not be processed.
# smtp stream tcp nowait root /usr/sbin/tcpd sendmail -bs
#
# The comsat daemon notifies the user of new mail when biff is set to y:
# comsat dgram udp wait root /usr/sbin/tcpd in.comsat
#
# Shell, login, exec and talk are BSD protocols.
#
# shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L
# login stream tcp nowait root /usr/sbin/tcpd in.rlogind
# exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
# talk dgram udp wait root /usr/sbin/tcpd in.talkd
# ntalk dgram udp wait root /usr/sbin/tcpd in.talkd
#
# Kerberos authenticated services
#
# klogin stream tcp nowait root /usr/sbin/tcpd rlogind -k
# eklogin stream tcp nowait root /usr/sbin/tcpd rlogind -k -x
# kshell stream tcp nowait root /usr/sbin/tcpd rshd -k
#
# Services run ONLY on the Kerberos server
#
# krbupdate stream tcp nowait root /usr/sbin/tcpd registerd
# kpasswd stream tcp nowait root /usr/sbin/tcpd kpasswdd
#
# Pop et al
#
# pop2 stream tcp nowait root /usr/sbin/tcpd in.pop2d
# pop3 stream tcp nowait root /usr/sbin/tcpd in.pop3d
# The ipop3d POP3 server is part of the Pine distribution. If you've
# installed the Pine package, you may wish to switch to ipop3d by
# commenting out the pop3 line above, and uncommenting the pop3 line below.
# pop3 stream tcp nowait root /usr/sbin/tcpd ipop3d
# imap2 stream tcp nowait root /usr/sbin/tcpd imapd
#
# The Internet UUCP service.
#
# uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l
#
# Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
#
# tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
# bootps dgram udp wait root /usr/sbin/in.bootpd in.bootpd
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
# Try "telnet localhost systat" and "telnet localhost netstat" to see that
# information yourself!
#
# finge stream tcp nowait nobody /usr/sbin/tcpd in.fingerd -u
# systat stream tcp nowait nobody /usr/sbin/tcpd /bin/ps -auwwx
# netstat stream tcp nowait root /usr/sbin/tcpd /bin/netstat -a
#
# Ident service is used for net authentication
#auth stream tcp wait nobody /usr/sbin/in.identd in.identd -w -t120 -l
#
# These are to start Samba, an smb server that can export filesystems to
# Pathworks, Lanmanager for DOS, Windows for Workgroups, Windows95, Lanmanager
# for Windows, Lanmanager for OS/2, Windows NT, etc.
# If you're running smbd and nmbd from daemons in /etc/rc.d/rc.samba, then you
# shouldn't uncomment these lines.
# netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
# netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd
#
# Sun-RPC based services.
# <service name/version><sock_type><rpc/prot><flags><user><server><args>
#
# rstatd/1-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rstatd
# rusersd/2-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rusersd
# walld/1 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rwalld
ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
#
# End of inetd.conf.

HELP ME!

Devrdander
12-21-2000, 02:34 PM
Scan it from another box, not locally; most of those ports are more than likely open for X11 and other services that are restricted to localhost only...

------------------
--{Syntactic sugar causes cancer of the semicolon}--
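
Added example, not part of the original thread: inetd.conf only lists what inetd itself starts, and a localhost scan also sees loopback-only listeners, so the quickest way to account for each open port is to map it to its bind address and owning process. This Python script parses `netstat -tlnp` output (Linux net-tools, run as root); the sample output, PIDs and process names are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -tlnp` output (Linux net-tools, run as root); it is
# illustrative and not taken from the machine discussed in the thread.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      101/inetd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      140/sendmail: accep
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      163/mysqld
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      210/X
tcp        0      0 0.0.0.0:635             0.0.0.0:*               LISTEN      -
tcp6       0      0 ::1:631                 :::*                    LISTEN      98/cupsd
"""

def parse_listeners(text):
    """Return one dict per listening TCP socket: port, addr, scope, pid, program."""
    rows = []
    for line in text.splitlines():
        f = line.split(None, 6)  # 7th field keeps program names containing spaces
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue             # skips the two header lines and non-listeners
        addr, _, port = f[3].rpartition(":")  # rpartition copes with IPv6 "::1:631"
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            scope = "loopback"        # reachable only from the host itself
        elif ip.is_unspecified:
            scope = "all-interfaces"  # 0.0.0.0 or ::, reachable from the network
        else:
            scope = "one-address"
        owner = f[6] if len(f) > 6 else "-"
        pid, _, program = owner.partition("/")
        rows.append({"port": int(port), "addr": addr, "scope": scope,
                     "pid": int(pid) if pid.isdigit() else None,
                     "program": program.split(":")[0].strip() or None})
    return rows

def network_reachable(rows):
    """Ports a scan from another box could see (not bound to loopback only)."""
    return sorted({r["port"] for r in rows if r["scope"] != "loopback"})

def unowned(rows):
    """Listeners for which netstat showed no PID/program ("-")."""
    return sorted(r["port"] for r in rows if r["pid"] is None)

if __name__ == "__main__":
    for r in parse_listeners(SAMPLE):
        print(f'{r["port"]:>5}/tcp  {r["scope"]:<14}  {r["program"] or "?"} (pid {r["pid"]})')
```

Any port that appears in `network_reachable` but maps to a program you did not expect, or to no program at all, is the one to investigate before touching inetd.conf.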