Re: What services are using these ports?

Tue, 15 Oct 2002 20:06:06 -0700 

On Tue, Oct 15, 2002 at 11:16:10PM -0400, Marc Shapiro wrote:
>       Port    Service                 Comments
>       ----    ----------------        --------------------------------
>          9    discard                 What is this?

Standard TCP service from inetd.  It can be disabled by "update-inetd
--disable discard"

>         13    daytime                 What is this?

Standard TCP service from inetd.  It can be disabled by "update-inetd
--disable daytime"

>         21    ftp                     OK

This is the FTP port.  If you want to get rid of it, uninstall any ftpd
you might have.  If you have no such daemon installed, then try
"update-inetd --disable ftp"

>         22    unassigned              Is this talkd?

This would be SSH, as far as I know.  I would keep this as it's good for
remote login...better than telnet as a matter of fact because it's
encrypted, and I don't know what kind of lusers you have on your college
campus.

>         23    telnet                  OK
>         25    smtp                    I dont have smtpd running and do
>                                       not plan to set up a mail server.
>                                       Is this exim listening here?

Exim is listening here.  You can make it stop by putting this in your
exim.conf file:
local_interfaces = 127.0.0.1
As that file says, "# This will cause exim to accept mail only from the
local (network) interface"

>         37    time                    This should stay?

Another standard TCP service.  Disable by "update-inetd --disable time"

>         79    finger                  This is gone, already.
>        111    sun RPC                 portmapper?  Do I need this?

Unless you're sharing NFS shares, you really don't need portmapper.  I
would remove it.

>        113    authentication          What is this?

This is auth, the auth daemon.  This usually is not exploitable.  I have
nullidentd installed myself, because sometimes it's required to connect
to SMTP servers or IRC servers.

>        515    printer                 No printer currently attatched,
>                                       but not a problem.

May I suggest that you read the Securing Debian Guide at
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html .
Everything I told you in this section is listed in there.

Happy to help,

-- 
------------------------------------------
Edward Guldemond

Key fingerprint:  29FF 2969 A04E F934 3F03  
                  4329 BC56 3AA7 2F57 6735

Attachment: msg07279/pgp00000.pgp
Description: PGP signature

Reply via email to