Accueil » Forum » Trisquel users
Soumis par amenex le jeu, 11/22/2018 - 17:01

Close open ports

3 réponses [Dernière contribution]
jeu, 11/22/2018 - 17:01
amenex
amenex
Hors ligne
A rejoint: 01/04/2015

While discussing the risks of having open ports, the question came up:
How do I detect open ports on my own computer?

To find those open ports on my local network, I ran this command:

sudo nmap -sS -Pn 192.168.1.0/29 > Desktop/nMap-192.168.1.0-29.txt

That disclosed the open ports 139, 445 and 8200. The first two rang alarm bells ...

How to close those ports ... searches in the Triaquel forum revealed lots
of suggestions of programs to install, but none are in the Triquel repository
available through Add/Remove Applications.

So I went to the Internet for relief:
https://www.binarytides.com/close-open-ports-manually-in-ubuntu/

and followed that advice: lsof -i :8200 [no response].
Similarly: lsof -i :139 ... lsof -i :445 ... [no responses].

I would like to think that nmap found those open ports because they were needed
just to run nmap and promptly closed them after the scan was complete.

The same scan listed more open ports on my network-attached printer, but those
seemed mostly specific to the printing process ... and I don't get unsolicited
printer output.

Similarly for my router, which has proven itself secure to date.

Another set of results, this time from netstat -lpn (truncated for clarity):

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN -
...
udp 0 0 192.168.1.2:45773 0.0.0.0:* -
...
udp 0 0 192.168.1.255:137 0.0.0.0:* -
udp 0 0 192.168.1.2:137 0.0.0.0:* -
... -
udp 0 0 192.168.1.255:138 0.0.0.0:* -
udp 0 0 192.168.1.2:138 0.0.0.0:* -
...
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
...
unix 2 [ ACC ] STREAM LISTENING 22066 1433/systemd /run/user/1000/systemd/private
...
unix 2 [ ACC ] STREAM LISTENING 20921 1502/dbus-daemon @/tmp/dbus-sn82wE13mp
unix 2 [ ACC ] STREAM LISTENING 20967 1442/mate-session @/tmp/.ICE-unix/1442
...
unix 2 [ ACC ] STREAM LISTENING 20968 1442/mate-session /tmp/.ICE-unix/1442
...

Netstat picks up the open ports 139, 445 and 8200, but none are associated with
a particular process, so it would appear that they are only actually opened
when tcp is going on (i.e., during an nmap scan). Am I correct to relax now ?

Thanks,
George Langford

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
sam, 11/24/2018 - 17:48
#1
SuperTramp83
SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>To find those open LISTENING ports

You want to focus only on the listening ones and those that are listening to the interwebz, ignore those listening to localhost.
The command is:

sudo ss --tulpn

or if you prefer the deprecated netstat:

sudo netstat -tulpn

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
sam, 11/24/2018 - 19:41
#2
loldier
loldier
Hors ligne
A rejoint: 02/17/2016

Small correction:

sudo ss -tulpn

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
dim, 11/25/2018 - 23:16
#3
SuperTramp83
SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

yep, tx for the correction, cat :)

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines