Solved

Open Ports

Posted on 2001-07-27
Last Modified: 2010-03-18
Hi,
I did a port scan of my computer (Mandrake 8.0) and found these ports to be open.

22-ssh
25-smtp
111-sunrpc
617-unknown
631-unknown
6000-X11
32770-sometimes-rpc3
0
Question by:zxcvzxcv
11 Comments
 
LVL 1

Author Comment

by:zxcvzxcv
ID: 6328800
Which of these do I really need open?
0
 
LVL 1

Expert Comment

by:dkloes
ID: 6328963
ssh has functionality similar to rlogin, rsh, rcp but uses encryption to provide more security
rpc is used primarily for nfs
smtp is used for mail transport
X11 is used for X Windows

Which of these you do not need depends on how your system is setup and what your requirements are.  Experts will need more information about your system to provide any further guidance.
0
 
LVL 4

Expert Comment

by:kannabis
ID: 6329021
The sunrpc port is one of the biggest security vulnerabilities.  If you have this system connected to the internet without a firewall...then I would definitely shut that port down.

0
 
LVL 1

Author Comment

by:zxcvzxcv
ID: 6329045
Sorry for the lack of detail. I use ssh and X11. I just used msec (Mandrake Security tool) to up my security to server level and then back to normal level. This has closed off all ports but ssh and X11 (I uninstalled the SMTP mail server). Should any of the other ports be re-exposed to the internet? Why does the X Windowing system open a TCP port? Does this need to be accessible to the world or just the machine internally?
0
 
LVL 4

Expert Comment

by:garisoain
ID: 6329237
Can be Both...

The X-Server listens on the port, and IF YOU ALLOW (via the "rhost" command) other addresses, they can display their applications on YOUR screen... =)

Access to this service is managed via the "rhost" (again) command, by default, only localhost, and the user that started the server are allowed to send applications to the X server.

It's a great feature on X11... =)

=)
-garisoain

0
 
LVL 1

Author Comment

by:zxcvzxcv
ID: 6329261
So if my only uses for X11 are local (and remote through a vnc server), do I need this port open or closed?
0
 
LVL 4

Accepted Solution

by:
garisoain earned 300 total points
ID: 6330663
open...

the default security for that port is pretty good...

-garisoain
0
 
LVL 1

Author Comment

by:zxcvzxcv
ID: 6332247
Is there a way to close off a port from the internet, without uninstalling the software that's using that port, and without using a super restrictive firewall?
0
 
LVL 4

Expert Comment

by:garisoain
ID: 6334472
If you need only to close the port from the internet, ipchains/iptables will do the job.

if your kernel is 2.2.x : man ipchains
if your kernel is 2.4.x: man iptables

hope this helps
-garisoain
0
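
An added example, not part of the thread: one way to check which listening ports are reachable from other machines rather than bound to loopback only, and to list iptables rules that would close them without uninstalling the service. The `/proc/net/tcp` sample lines are constructed, the function names are hypothetical, and keeping port 22 open is an assumption based on the asker's statement that they use ssh.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Column 2 is local address:port in hex, column 4 is state; 0A means LISTEN.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1105
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1310
   3: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 1422
   4: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 02:000A0000 00000000     0        0 1500
"""

def parse_listeners(text):
    """Return (ip, port) pairs, sorted by port, for sockets in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue  # established or other non-listening socket
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host (x86), so the 32-bit address is
        # stored byte-reversed relative to dotted-quad order.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return sorted(listeners, key=lambda pair: pair[1])

def exposed_ports(listeners):
    """Ports bound to a non-loopback address, so reachable from off-host."""
    return [port for ip, port in listeners if not ip.startswith("127.")]

def drop_rules(ports, keep=(22,)):
    """iptables commands: allow loopback, drop inbound TCP to other exposed ports."""
    rules = ["iptables -A INPUT -i lo -j ACCEPT"]
    rules += [f"iptables -A INPUT -p tcp --dport {port} -j DROP"
              for port in ports if port not in keep]
    return rules

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_PROC_NET_TCP)
    for ip, port in found:
        scope = "loopback only" if ip.startswith("127.") else "all interfaces"
        print(f"{port:>5}  {ip:<12} {scope}")
    print("\n".join(drop_rules(exposed_ports(found))))
```

On a live system, pass the contents of `/proc/net/tcp` instead of the sample; the generated commands are only printed, and running them requires root.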
 
LVL 1

Author Comment

by:zxcvzxcv
ID: 6336736
thanks
0
 
LVL 1

Author Comment

by:zxcvzxcv
ID: 6336739
how can I get to that under Mandrake 8.0? (kernel 2.4.3)
No manual entry for iptables. The iptables command doesn't do anything either.
0


Question has a verified solution.
