Close open ports
While discussing the risks of having open ports, the question came up:
How do I detect open ports on my own computer?
To find those open ports on my local network, I ran this command:
sudo nmap -sS -Pn 192.168.1.0/29 > Desktop/nMap-192.168.1.0-29.txt
That disclosed the open ports 139, 445 and 8200. The first two rang alarm bells ...
How to close those ports ... searches in the Trisquel forum revealed lots
of suggestions of programs to install, but none are in the Trisquel repository
available through Add/Remove Applications.
So I went to the Internet for relief:
https://www.binarytides.com/close-open-ports-manually-in-ubuntu/
and followed that advice: lsof -i :8200 [no response].
Similarly: lsof -i :139 ... lsof -i :445 ... [no responses].
I would like to think that nmap found those open ports because they were needed
just to run nmap and promptly closed them after the scan was complete.
The same scan listed more open ports on my network-attached printer, but those
seemed mostly specific to the printing process ... and I don't get unsolicited
printer output.
Similarly for my router, which has proven itself secure to date.
Another set of results, this time from netstat -lpn (truncated for clarity):
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN -
...
udp 0 0 192.168.1.2:45773 0.0.0.0:* -
...
udp 0 0 192.168.1.255:137 0.0.0.0:* -
udp 0 0 192.168.1.2:137 0.0.0.0:* -
... -
udp 0 0 192.168.1.255:138 0.0.0.0:* -
udp 0 0 192.168.1.2:138 0.0.0.0:* -
...
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
...
unix 2 [ ACC ] STREAM LISTENING 22066 1433/systemd /run/user/1000/systemd/private
...
unix 2 [ ACC ] STREAM LISTENING 20921 1502/dbus-daemon @/tmp/dbus-sn82wE13mp
unix 2 [ ACC ] STREAM LISTENING 20967 1442/mate-session @/tmp/.ICE-unix/1442
...
unix 2 [ ACC ] STREAM LISTENING 20968 1442/mate-session /tmp/.ICE-unix/1442
...
Netstat picks up the open ports 139, 445 and 8200, but none are associated with
a particular process, so it would appear that they are only actually opened
when tcp is going on (i.e., during an nmap scan). Am I correct to relax now?
Thanks,
George Langford
> To find those open LISTENING ports
You want to focus only on the listening ones and those that are listening to the interwebz, ignore those listening to localhost.
The command is:
sudo ss --tulpn
or if you prefer the deprecated netstat:
sudo netstat -tulpn
Small correction:
sudo ss -tulpn
yep, tx for the correction, cat :)
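The reply above boils down to one filter: keep the sockets that are listening and bound to something other than localhost, because those are the ones an nmap scan from the LAN sees. As an added example (not code from this thread), the Python script below applies that filter to the output of either `netstat -tulpn` or `ss -tulpn`. Both samples are constructed to resemble the output quoted above; a `None` program means the tool printed "-", which netstat does for sockets owned by other users when it is not run as root, hence the `sudo` in the reply.

```python
import re
from ipaddress import ip_address

_ADDR = re.compile(r"^(.+):(\d+)$")              # host:port token, e.g. 0.0.0.0:139, [::]:22, 127.0.0.53%lo:53
_NETSTAT_PROC = re.compile(r"^\d+/(\S+)$")        # netstat style: 1234/smbd
_SS_PROC = re.compile(r'\("([^"]+)",pid=\d+')     # ss style: users:(("smbd",pid=1234,fd=40))

def is_loopback(host):
    host = host.strip("[]").split("%")[0]         # drop IPv6 brackets and scope id such as %lo
    if host in ("0.0.0.0", "*", "::"):
        return False                              # wildcard bind: reachable on every interface
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False                              # unparseable host: treat as reachable, not ignorable

def parse_listeners(output):
    """Parse netstat -tulpn or ss -tulpn text into (proto, host, port, program) tuples."""
    found = []
    for line in output.splitlines():
        f = line.split()
        if not f or not f[0].startswith(("tcp", "udp")):
            continue                              # header line or UNIX-socket section
        if f[0].startswith("tcp") and "LISTEN" not in f:
            continue                              # established connection, not a listener
        local = next((t for t in f[1:] if _ADDR.match(t)), None)
        if local is None:
            continue
        host, port = _ADDR.match(local).groups()
        hits = [m for t in f for m in [_NETSTAT_PROC.match(t) or _SS_PROC.search(t)] if m]
        program = hits[0].group(1) if hits else None   # None when the tool printed "-"
        found.append((f[0], host, int(port), program))
    return found

def externally_reachable(output):
    """Listeners a LAN scanner such as nmap can see: everything not bound to loopback."""
    return [l for l in parse_listeners(output) if not is_loopback(l[1])]

# Constructed sample shaped like the netstat -lpn output quoted above (run without root, hence "-").
SAMPLE_NETSTAT = """Proto Recv-Q Send-Q Local Address    Foreign Address  State       PID/Program name
tcp        0      0 0.0.0.0:139      0.0.0.0:*        LISTEN      -
tcp        0      0 0.0.0.0:8200     0.0.0.0:*        LISTEN      -
tcp        0      0 192.168.1.2:4500 192.168.1.9:443  ESTABLISHED -
udp        0      0 192.168.1.2:137  0.0.0.0:*                    -"""
# Constructed sample of sudo ss -tulpn on a similar machine; with root the owning process is shown.
SAMPLE_SS = """Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      50     0.0.0.0:139        0.0.0.0:*         users:(("smbd",pid=1234,fd=40))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=500,fd=12))"""
```

Run `externally_reachable(open("ss.txt").read())` on a saved `sudo ss -tulpn` capture to get the list worth explaining, one program per port.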