open ports
Gabriel M Dragffy
dragffy at yandex.ru
Sun Sep 3 20:36:33 UTC 2006
On Sun, 2006-09-03 at 14:11 +0100, Tony Arnold wrote:
> On Sun, 2006-09-03 at 08:51 -0400, dalila at despiertapr.com wrote:
> > Aside from ssh, how did all these ports remain open on a desktop installation?
> > Also, how can I close them?
> >
> > PORT STATE SERVICE
> > 13/tcp filtered daytime
> > 19/tcp filtered chargen
> > 22/tcp open ssh
> > 111/tcp filtered rpcbind
> > 135/tcp filtered msrpc
> > 136/tcp filtered profile
> > 137/tcp filtered netbios-ns
> > 138/tcp filtered netbios-dgm
> > 139/tcp filtered netbios-ssn
> > 445/tcp filtered microsoft-ds
> > 512/tcp filtered exec
> > 513/tcp filtered login
> > 543/tcp filtered klogin
> > 544/tcp filtered kshell
> > 707/tcp filtered unknown
> > 1433/tcp filtered ms-sql-s
> > 1720/tcp filtered H.323/Q.931
>
> Apart from the ssh port, all the other ports are firewalled off
> somewhere, either by firewall settings on your desktop, or by some other
> firewall that's between the scanning machine and the desktop machine.
>
> The difference is that a firewall will silently drop any packets
> arriving on these filtered ports, whereas a system that is just not
> listening on these ports will respond with a negative acknowledgement.
> Utilities such as nmap use this to distinguish the two cases.
>
> Regards,
> Tony.
> --
> Tony Arnold, IT Security Coordinator, University of Manchester,
> IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
> T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
> E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
>
If you read the nmap documentation, "filtered" is an alias for "not
open". This is the result you get when the ports are closed and the host
responds with a reject packet, rather than dropping the packets. The
result that you show is what you will get if you run nmap on the
localhost; however, a scan from a remote computer will reveal only ssh is
open. If you want your machine to be invisible by dropping all packets
instead of rejecting them, I recommend firehol. Install it and edit
firehol.conf. You probably want something like:

    interface eth+ internet
        client all accept
        protection strong 10/sec 10
        policy deny
        server ssh accept

and that's it, it'll keep your ssh open to the outside world.
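The open/closed/filtered distinction discussed in this thread, as an added example (my own code, not from the thread and not nmap's): it maps the reply a TCP SYN probe receives to the state nmap reports, ties that to what a host does with packets for non-listening ports (answer with a TCP reset, answer with an ICMP error, or say nothing), parses a "PORT STATE SERVICE" listing like the one quoted, and groups the ports by state. The response labels, the policy names and the sample report are constructed for illustration.

```python
"""Classify TCP ports the way a SYN scanner such as nmap does, and summarize
a scan report in the 'PORT STATE SERVICE' format quoted in the thread.

Added example; not nmap's code and not from the mailing-list thread.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def classify_syn_probe(response: Optional[str]) -> str:
    """Map the reply observed for one TCP SYN probe to an nmap-style state.

    response is a constructed label for what came back:
      "SYN/ACK"          - a listener answered the handshake: open
      "RST"              - the host actively refused the connection: closed
      "ICMP-unreachable" - a filter answered with an ICMP error: filtered
      None               - nothing came back (silently dropped): filtered
    """
    if response == "SYN/ACK":
        return OPEN
    if response == "RST":
        return CLOSED
    if response is None or response.startswith("ICMP"):
        return FILTERED
    raise ValueError(f"unexpected response: {response!r}")


# Constructed policy names for what a host does on a given port, and the
# reply a remote scanner sees as a result.
POLICY_RESPONSE: Dict[str, Optional[str]] = {
    "listen": "SYN/ACK",                     # a service accepts connections
    "reject-tcp-reset": "RST",               # firewall rejects with a TCP RST
    "reject-icmp": "ICMP-unreachable",       # firewall rejects with ICMP error
    "drop": None,                            # firewall discards silently
}


def scan_result_for_policy(policy: str) -> str:
    """State a remote SYN scan reports for a port handled by the given policy."""
    return classify_syn_probe(POLICY_RESPONSE[policy])


@dataclass(frozen=True)
class PortEntry:
    port: int
    proto: str
    state: str
    service: str


def parse_nmap_table(text: str) -> List[PortEntry]:
    """Parse 'PORT STATE SERVICE' rows (the format of the listing quoted in the
    thread). Header and other non-row lines are skipped."""
    entries: List[PortEntry] = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 3 or "/" not in parts[0]:
            continue
        port, proto = parts[0].split("/", 1)
        if not port.isdigit():
            continue
        entries.append(PortEntry(int(port), proto, parts[1], parts[2]))
    return entries


def summarize(entries: List[PortEntry]) -> Dict[str, List[int]]:
    """Group port numbers by reported state. Only the 'open' group is something
    a remote client can actually connect to; the others were refused or dropped."""
    summary: Dict[str, List[int]] = {OPEN: [], CLOSED: [], FILTERED: []}
    for e in entries:
        summary.setdefault(e.state, []).append(e.port)
    return summary


# Constructed sample: a subset of the listing quoted in the thread.
SAMPLE_REPORT = """\
PORT STATE SERVICE
13/tcp filtered daytime
22/tcp open ssh
111/tcp filtered rpcbind
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1720/tcp filtered H.323/Q.931
"""

if __name__ == "__main__":
    for policy in POLICY_RESPONSE:
        print(f"{policy:18} -> {scan_result_for_policy(policy)}")
    print(summarize(parse_nmap_table(SAMPLE_REPORT)))
```

The policy table is the part worth noticing for the firewall discussion: only a TCP reset produces "closed"; an ICMP error and silent drop both show up as "filtered", so a remote scan cannot tell a dropping host from one behind an ICMP-rejecting filter.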