 | | | Subject: closing ports on RH7.2 | Subject: closing ports on RH7.2 2003-10-04 - By Eric Koldeweij
Back
2003 AD wrote:
> Thanks everyone for your responses.
>
>
> i did go to grc.com and although i have many ports open - it reads
> them as stealth which according to the site it's a good thing. Would
> anyone know what stealth indicates? The ports which were open and not
> stealth were 21, 80, 110.
>
> Here are a few ports which are open:
>
> 32768
> 1025
> 98
> 995
> 389
> 32774
> 9128
> 9130
> 3306
> 10443
>
>
> How do i tell who's using what? And is it important?
As root, adding the -p option to netstat (e.g. netstat -tuap) also tells
you which process has opened the port. The file /etc/services contains a
list of widely used ports and what for. From that file you can learn
that port 21 is for ftp services (wu-ftpd usually), 80 is for www
services (apache usually) and 110 is for POP3 (ipop3d usually). If you
are not using any of these services (mind, they are services provided to
the outside world from your box, not services you are using yourself as
client) I suggest you close the appropriate service down.
As for the other ports I found in /etc/services the following references:
32768 (probably) rpc.statd
1025 ???
98 linuxconf
995 POP3 over SSL
389 ldap
32774 (probably) rpc related
9128 ???
9130 ???
3306 mysql
10443 ???
If you don't want these services to be publicly available (and I guess
you don't) you should either close the service if you're not using it or
block it using the firewall.
Eric.
|
|
|