have tried to close ports 443,80,22 & 23 without success.Does anybody have any idea how to do this. I close them in a terminal and their still opened. I closed them in services and their still open what am I not doing right?
View 14 Replieshow can i close all of ports and open ssh only?
View 6 Replies View RelatedI have installed Debian Jessie (<-- brilliant OS ) on my uncles Laptop (it is a Thinkpad E540) with Cinnamon as desktop environment. The installation was no problem. Everything apart from one minor thing works nicely. The minor thing however is the following:
I don't know what it is, but when I don't use a particular usb port for a while and then try to plug in a usb stick or a wacom tablet, it doesn't get recognized, it doesn't show up when I use f.e. Code: Select alllsusb. When I close the lid of the laptop and open it again, then the particular usb device gets recognized and cinnamon asks me what to do, f.e. open a folder and show the content of the usb stick I have plugged in. Because of the success on two other laptops I use the following
Code: Select all# /etc/systemd/system/powertop.service
[Unit]
Description=Powertop tunings
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/usr/sbin/powertop --auto-tune
Environment="TERM=xterm"
[Install]
WantedBy=multi-user.target
to save power on the Thinkpad (this is in no way my service script, I tuned everything using powertop in the terminal after having had logged in, the script above stems from a brilliant user here on the forum). Could it therefore be autosuspend that is not working properly here?
I was port scanning my computer and i found some open ports. How would i close these ports so they cannot be remote accessed?
View 1 Replies View RelatedI have open ports on my computer for vsftpd, pptpd, and I need help to filter this ports because they aper as open ports on internet, and this is pretty risky
View 3 Replies View RelatedI scanned my newly installed Debian 8 and found that i have two ports open.
22 for ssh which i want
111 can i safely close port 111 and how?
I downloaded IPKungFu which is supposed to do this for me, except it did not according to a penetration site. configure IPKungFu perfectly. I did look at this site. IPKungFu easy iptables based server firewall - zarzax the blog I downloaded IPKungFu which is supposed to do this for me, except it did not according to a penetration site. Help me configure IPKungFu perfectly. I did look at this site. IPKungFu easy iptables based server firewall - zarzax the blog
Results
rv @rv-laptop:~$ sudo ipkungfu
Checking integrity: ..PASSED
Checking MD5 Hash of config files:OK
[code]....
I just discovered that my server is sending huge amount of data out at about 1Mbps. My immediate thought was the deluge bittorrent client, however it is supposedly not running (and a check confirmed its total active torrents was set to 0). I turned off the network and went in to Firestarter to set the outbound traffic to restrictive, turned on network again and no more data was sent. A look in Firestarter / Events showed a long list of random ports being used (see further down). How can I identify what program is sending all the data?
In Firestarter it doesn't really say much more than the port. Not sure if it is some misconfigured program or a malware/virus. I just got my ADSL connected a few days ago, and before that I used a mobile broadband (3G) as I just relocated. During the period I used the 3G the server might have been without firewall for a few days and it was also at this time I discovered an increase in network traffic (but I didn't really pay much attention at that time). I am running Fedora 10.
List of events from firestarter, my server is 192.168.1.100:
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:39435 Source:192.168.1.100 Destination:58.208.xxx.56 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:6990 Source:192.168.1.100 Destination:112.94.xxx.212 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:2973 Source:192.168.1.100 Destination:118.93.42.xxx Length:129 TOS:0x00 Protocol:UDP Service:Svnetworks .....
Tried google and searching this forum to no avail. Under Fedora 14, there is an selinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.
While I did manage to allow this happen by creating a permissive domain for sshd with this command:
Code:
The preferred way would be to allow sshd to make connection on other ports with a similar command that does not seem to work:
Code:
Is this the correct way of allowing an outbound port connection for the sshd daemon?
How can I tell if my USB ports are 2.0 ports?
View 1 Replies View RelatedIs there anyway i can ssh/rdp/telnet into my server from the outside bypassing comcast ALL blocked ports
View 1 Replies View RelatedAfter reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.
[Code]...
I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.
nmap localhost returns:
Code:
james@james-linux:~$ nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 994 closed ports
PORT STATE SERVICE
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
However, I know that localhost goes back to the loopback interface, 127.0.0.1. So, to see what was really open, I ran nmap 192.168.0.108, which is my laptop's IP at the moment.
Code:
james@james-linux:~$ nmap 192.168.0.108
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Interesting ports on 192.168.0.108:
Not shown: 996 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?
I'm getting heat from the head networking office that ports 21, 110, and 143 are open. I can telnet to those ports from a remote machine (not localhost) and get a prompt. There does not seem to be anything listening on those ports according to netstat. I've tried using iptables to discard all traffic to a from those ports but I can still telnet to them. This is a lucid desktop machine.
View 4 Replies View RelatedWe do NOT support samba on our Unbuntu servers but still zillions of windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.
View 4 Replies View Relatedlooking at my router logs i've noticed for the past while a range of source ports from 60000 to about 65000 from my source external ip to destination external ip always on port 80. I have 3 boxes on this network and this only seems to happen when i connect the one laptop. I even reinstalled the distro downloaded from trusted source but the router is still logging this.. netstat -ntulp shows nothing operating in this range. chkrootkit shows nothing.. Was thinking maybe someone was spoofing the external address but it's been happening on network startup for a month now
View 4 Replies View RelatedI enabled ufw yesterday, and am finding log entries like:
Jun 30 13:07:51 xxxx kernel: [15702368.296557] [UFW BLOCK] IN=eth1 OUT= MAC=00:22:19:5e:8f:23:00:0c:db:fc:8b:00:08:00 SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=47632 PROTO=TCP SPT=58875 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
What is puzzling is I did the command: ufw allow 80.
I installed Ubuntu 9.10 recently. I heard that there will be no open ports in the system unless I specifically open one. How do I scan to find a open port in my system.
View 9 Replies View Relatedwhen i enable my ufw it completely shuts me out and closed my internet connection. i installed firewall configuraiton interface and through it defined rules to accept incoming internet connections on port 80, i can see the rules are there but when i enable my firewall it just shuts me out completely again.
when i do(with my firewall enabled):
Code:
$ sudo ufw status
it gives me:
Quote:
Status: active
[Code].....
I also messed around with fwbuilder and iptables but since then deleted fwbuilder(besides i just compiled firewall policy and never actually installed it because of errors while trying to install it. Iptables I cleared with:
Code:
$ sudo iptables -F
I know how to forward ports in my router. Now I need to open a port to help with testing a project and no matter what I've tried, every port under 1055 shows up as stealthed (with 1-71 closed) according to Shields Up! I'm happy to run it at a port > 1024, but whatever I try also shows up stealthed. I even tried (briefly) turning on DMZ and still the same thing. My ISP swears that they only block port 80, 21 and 25, none of which I'm trying to use. UFW status reports inactive and I'm not using firestarter. I'm not running any other server (apache, light speed etc). If it's not my router and it's not my ISP, and there's no other server apps running, then that kind of leaves Ubuntu as far as I can see,
View 8 Replies View Relatedhow to block all ports except pop,pop3,smtp in nat using iptables in squid on redhat A3
View 2 Replies View RelatedWhat ports does Firefox use to connect to the Internet?
View 9 Replies View Relatedmy ufw rules have been loaded and active yet using iptraf i see tcp connections on ports that were never allowed by ufw. can anyone explain this too me does ufw just not work?
View 6 Replies View RelatedWhat are the security implications of closed ports?
View 5 Replies View RelatedWhat is happening when I log in to my Ubuntu server machine via ssh and putty. trying to understand everything, primarily securing my server.
I have specified the ssh server to listen on port 5525, and can login without a problem.
When I look at the logs though it says I connected from xxx.xx.xx.xx on port 53602.
What is happening here and why is the logged connection a different port to the one specified in the config file?
Quote:
A year ago I blogged about how hackers managed to hijack hundreds of high-profile websites to make them promote online stores that sold pirated software at about 5-10% of a real cost. They used quite a standard scheme that involved cloaking (making spammy links visible only to search engine crawlers) and conditional redirects (visitors from search engines who clicked on specifically-crafted links on compromised sites got redirected to online stores of software pirates)
Despite of all my warnings, most of those site are still hacked and help sell pirated software and steal credit card numbers. This negligence of site/server administrators encouraged cyber criminals to step even further in abusing reputation and resources of compromised servers. This post will be about one of such steps.
I've recently been taking a look at my router settings and I've realized i have my vnc port open for some reason. I don't know how or why it got opened because I've only used vnc within my private lan. Anyway, the problem is I couldn't figure out how to close that port on my router, so I just uninstalled all the vnc software from my computer so it wouldn't act like a vnc server for anybody trying to access it from the outside. So, effectively, I cannot vnc into my computer from outside my private lan, but when i port scan my public ip, the vnc port still appears open.
I'm wondering if there's something i'm missing. I'm sure it must be something in the router that I haven't figured out... something that's keeping port 5900 open.
while hardening a red hat enterprise 5 installation I have done something that causes the sessions of all user accounts except root to close immediately after authentication. in the /var/log/secure log file it will show three log entries per attempt:
<date/time><hostname> login: pam_unix(login:session): session opened for user fred by LOGIN(uid=0)
<date/time><hostname> login: LOGIN ON tty1 BY fred
<date/time><hostname> login: pam_unix(login:session): session closed for user fred
Since I did a number of things and have not been able to identify what caused this.
I have been able to set up all of the usual wireless network services with the gnome desktop but I have had no success with the KDE desktop. I have tried to reconfigure the network settings but to no avail. Maybe I'm doing something wrong. Any thoughts?
View 1 Replies View RelatedI am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?