Open Ports


Inferno
02-02-2000, 03:42 PM
I did a port scan of my system and this is what I got. I would like to leave the ftp and http ports open so I can play around with them but anything else I do not need I would like to close.


Port State Protocol Service (RPC)
1 open tcp tcpmux
11 open tcp systat
15 open tcp netstat
21 open tcp ftp
23 open tcp telnet
79 open tcp finger
80 open tcp http
98 open tcp linuxconf
111 open tcp sunrpc (portmapper V2)
113 open tcp auth
119 open tcp nntp
143 open tcp imap2
513 open tcp login
514 open tcp shell
515 open tcp printer
540 open tcp uucp
635 open tcp unknown
1024 open tcp unknown
1026 open tcp nterm
1032 open tcp iad3
1080 open tcp socks
1524 open tcp ingreslock
2000 open tcp callbook
6000 open tcp X11
6667 open tcp irc
12345 open tcp NetBus
12346 open tcp NetBus
31337 open tcp Elite
32771 open tcp sometimes-rpc5
32772 open tcp sometimes-rpc7
32773 open tcp sometimes-rpc9
32774 open tcp sometimes-rpc11

:david:
02-02-2000, 04:44 PM
wow, looks like you need to do two things right away !!!
comment out everything in /etc/inetd.conf except for ftp and http and then restart inetd by issuing a 'killall -HUP inetd' on the command line (without the single quotes) as root.

second thing is run on over to
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html

and read the TrinityOS document. in it is a great ipchains strong ruleset that has tons of comments so you can do everything you need to do.


toolie
02-02-2000, 05:05 PM
That is a seriously scary list of open ports... please tell me you didn't leave that online overnight, cause if so, you might as well re-install now.

:david:
02-02-2000, 09:02 PM
i kind of agree with toolie

you need to go into your init scripts and turn off (comment out) all the rpc crap and the rest that you don't need that's not run from inetd.
why in the world is 6667 (irc) open ???
it shouldn't be open unless you're running an irc server. i've NEVER had mine open.

which distro are you using ? i think the linux community really needs to get more concerned about 'secure by default' distributions. having the whole machine open on a fresh install is the worst policy, end of story.

Oz
02-03-2000, 02:37 AM
He's prolly running portsentry guys...at least I hope he is :)

Inferno
02-03-2000, 10:28 AM
I am running Redhat 6.1 and yes I have portsentry installed.

toolie
02-03-2000, 11:12 AM
If you are running RedHat, have you been keeping up with all the security updates that they put out? If not, I would just go ahead and reinstall the system now.

How is that box connected to the net? Cable/DSL/ISDN? Or is it on something like a dial-up? How often/long is it online?

Oz
02-03-2000, 11:51 AM
Dude don't reinstall your system...geez!!! Portsentry "listens" on these ports for "tried" connections. That is why they appear to be open but you cannot actually connect to them and if you compiled it with support for tcp wrappers then their ip would be blocked via hosts.deny. The easy way to tell what you are running is shut off your portsentry script and then do a netstat -vat to see what is up. Then you can comment out what you don't need ( which is usually ftp port 21, web port 80, telnet via ssh2 port 22 ) in etc/inetd.conf.
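
A complement to the netstat check described above, added here as an example and not part of the original thread: compare the scan against the ports PortSentry is configured to bind, so anything left over is known to belong to another daemon. TCP_PORTS is PortSentry's own config key, but the list below is a constructed sample, and the function names are hypothetical.

```shell
#!/bin/sh
# Split a port-scan listing into PortSentry decoy ports and ports that
# some other daemon (inetd, an init script) must be holding open.

# Constructed sample of a TCP_PORTS line from portsentry.conf.
# Assumption: the real list on a given box may differ; read it from there.
SAMPLE_CONF='TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,6667,12345,12346,31337,32771,32772,32773,32774"'

# A few scan lines copied from the first post in this thread.
SAMPLE_SCAN='21 open tcp ftp
23 open tcp telnet
79 open tcp finger
80 open tcp http
111 open tcp sunrpc
513 open tcp login
6000 open tcp X11
12345 open tcp NetBus
31337 open tcp Elite'

# classify_ports CONF_TEXT SCAN_TEXT
# Prints "<port> <service> decoy|real" for each open tcp port in the scan.
# Commented-out TCP_PORTS lines in the config are ignored.
classify_ports() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { in_scan = 1; next }
        !in_scan && /^TCP_PORTS=/ {
            sub(/^TCP_PORTS=/, ""); gsub(/"/, "")
            n = split($0, p, ",")
            for (i = 1; i <= n; i++) decoy[p[i] + 0] = 1
            next
        }
        in_scan && $2 == "open" && $3 == "tcp" {
            print $1, $4, ((($1 + 0) in decoy) ? "decoy" : "real")
        }'
}

# real_ports CONF_TEXT SCAN_TEXT
# Space-separated ports that PortSentry is NOT configured to bind.
real_ports() {
    classify_ports "$1" "$2" |
        awk '$3 == "real" { printf "%s%s", sep, $1; sep = " " }'
}

classify_ports "$SAMPLE_CONF" "$SAMPLE_SCAN"
```

Under the sample list, ports such as 23, 513 and 6000 come out as "real", meaning a service other than PortSentry is answering there and is a candidate for commenting out in inetd.conf or the init scripts.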

Harvey
10-31-2000, 07:17 PM
bringing back the dead.
just installed portsentry and noticed that I too have all those ports open. was scary. but now I read this so i'm not scared anymore. heh.