[NCLUG] Closing ports

dobbster dobbster at dobbster.com
Sun Apr 22 05:14:15 MDT 2001


By the way, I do have all of these ports commented out in /etc/services,
although I haven't rebooted or anything since I commented them out.  Does this
make a difference?

dobbster wrote:
> 
> Hello...
> 
> Every day I have to look at annoyingly long server logs from the "portsentry"
> software.  In essence, it shows the entries in /var/log/messages where bad guys
> are trying to get into my open ports.  Usually these are 111, 1080, and 143 -
> All services I have disabled (I am aware of the security risks, and I don't need
> any of these services.)  111 (portmapper/RPC) gets hit the most.
> 
> nmap or netstat -l shows these ports as "open" or "listening".  I know there are
> not any server daemons actually listening to these ports, so why are they still
> showing up as open?  Is there any way to close them?  My uneducated guess is
> that the kernel may automatically handle some of them, but would this be also
> true of ports like 6667 (irc)?  It seems as if there ought to be a simple
> mechanism for just shutting down TCP/UDP ports, but I am not aware of any
> (except ipchains, etc.)
> 
> Even if there aren't any real security risks here, I'd love to shorten the huge
> "system attack" messages I get every day.  It seems our servers get scanned by
> dozens of machines every day, and it really clutters up the logs.
> 
> Thanks in advance for your great collective wisdom and advice,
> 
> Mark (dobbster at dobbster.com)
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug



More information about the NCLUG mailing list