Close open ports
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
While discussing the risks of having open ports, the question came up:
How do I detect open ports on my own computer?
To find those open ports on my local network, I ran this command:
sudo nmap -sS -Pn 192.168.1.0/29 > Desktop/nMap-192.168.1.0-29.txt
That disclosed the open ports 139, 445 and 8200. The first two rang alarm bells ...
How to close those ports ... searches in the Triaquel forum revealed lots
of suggestions of programs to install, but none are in the Triquel repository
available through Add/Remove Applications.
So I went to the Internet for relief:
https://www.binarytides.com/close-open-ports-manually-in-ubuntu/
and followed that advice: lsof -i :8200 [no response].
Similarly: lsof -i :139 ... lsof -i :445 ... [no responses].
I would like to think that nmap found those open ports because they were needed
just to run nmap and promptly closed them after the scan was complete.
The same scan listed more open ports on my network-attached printer, but those
seemed mostly specific to the printing process ... and I don't get unsolicited
printer output.
Similarly for my router, which has proven itself secure to date.
Another set of results, this time from netstat -lpn (truncated for clarity):
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN -
...
udp 0 0 192.168.1.2:45773 0.0.0.0:* -
...
udp 0 0 192.168.1.255:137 0.0.0.0:* -
udp 0 0 192.168.1.2:137 0.0.0.0:* -
... -
udp 0 0 192.168.1.255:138 0.0.0.0:* -
udp 0 0 192.168.1.2:138 0.0.0.0:* -
...
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
...
unix 2 [ ACC ] STREAM LISTENING 22066 1433/systemd /run/user/1000/systemd/private
...
unix 2 [ ACC ] STREAM LISTENING 20921 1502/dbus-daemon @/tmp/dbus-sn82wE13mp
unix 2 [ ACC ] STREAM LISTENING 20967 1442/mate-session @/tmp/.ICE-unix/1442
...
unix 2 [ ACC ] STREAM LISTENING 20968 1442/mate-session /tmp/.ICE-unix/1442
...
Netstat picks up the open ports 139, 445 and 8200, but none are associated with
a particular process, so it would appear that they are only actually opened
when tcp is going on (i.e., during an nmap scan). Am I correct to relax now ?
Thanks,
George Langford
>To find those open LISTENING ports
You want to focus only on the listening ones and those that are listening to the interwebz, ignore those listening to localhost.
The command is:
sudo ss --tulpn
or if you prefer the deprecated netstat:
sudo netstat -tulpn
Small correction:
sudo ss -tulpn
yep, tx for the correction, cat :)
- Vous devez vous identifier ou créer un compte pour écrire des commentaires