laiback
Posted May 29, 2006

Please forgive my ignorance but I am new to Linux, Mandriva and especially the forum.

I have read some of the security messages and came to realise that instead of having my Firewall on, as I thought was the default, it was turned off! ah!!. So thanks for that as I changed the settings immediately.

However, I have also run KDE System Guard which I found under Monitoring. When I display a graph called Network/Sockets/raw/Table I can see at least 4 ports/lines all the time. They are identified as ports 7741, ipp, X11 and local host 5353.

Is this normal and if not what should I do to correct this situation?

I'm running Mandriva 2006 (free edition) on an AMD K6 400 MHz, 512Mb ram with exchangeable caddy hard drives.

Many thanks for your time.

[moved from Software by spinynorman]

daniewicz
Posted May 30, 2006

Well I am not a security expert by any means but I will try to get this thread active.

According to my ports list, 7741 is unassigned and 5353 is for multicast DNS.

I am a Mandriva 2005 user running the native firewall "shorewall" accessed from within MCC. I have DSL using a Westell ethernet modem. When I used the KDE system guard as you specified I did not see any raw sockets listed.

What kind of internet connection do you have? Are you using shorewall? If you are using shorewall, how did you configure things within MCC?

Oh and welcome to the MUB! :D

Edited May 30, 2006 by daniewicz

coverup
Posted May 30, 2006

I am not a security expert either, but my rule of thumb is to turn off all services which have anything to do with network, except for the vital ones, i.e., network.

Edit: according to this post, http://www.niscc.gov.uk/niscc/docs/br-2002...71.html?lang=en 7741 is default for LISa, the Linux version of the network neighborhood. It's a totally useless service. Stop it, then check the list of open ports.

Edited May 30, 2006 by coverup

daniewicz
Posted May 30, 2006

Good advice regarding services coverup.

laiback: MCC -> System -> Enable or disable system services

laiback
Posted May 30, 2006

Thank you for these replies.

daniewicz: I'm using the standard firewall as supplied with Mandriva 2006 and have configured it from the ..Configure Your Computer System...off the pop up LHS menu system (supplying root pswd as requested). I'm using a USB modem, Thompson Speedtouch 330 over a broadband connection. Where do you find a list of port usage? I'm in the dark here and am amazed that you know what all the numbers are for.

coverup: WWW ref. I've printed off the notes and will see if I can follow the advice. I was surprised to find that I ended up on a page giving support for Lisa in Suse. Does Mandriva use the same system as this?

Will report again later when I have acted on the above.

ianw1974
Posted May 30, 2006

This is a link I use for ports:

http://www.iana.org/assignments/port-numbers

This usually helps to find out if the open port is a problem, or something to remove if not being used.

laiback
Posted May 30, 2006

ianw1974: Many thanks for the reference...went over straight away. Very interesting. Whilst I was there would you believe it, the firewall reported a port scanning attack. I've blacklisted it.

coverup
Posted May 30, 2006

> coverup: WWW ref. I've printed off the notes and will see if I can follow the advice. I was surprised to find that I ended up on a page giving support for Lisa in Suse. Does Mandriva use the same system as this?

Don't worry about the content of that link. The only important piece of information on that page is that the port 7741 is used by LISa. Stopping LISa service should close this port.

Edit: Mandrake/Mandriva enables LISa during installation. While it could be useful on a large corporate firewalled network you won't use it at home. Stop it.

Edited May 31, 2006 by coverup

laiback
Posted May 31, 2006

coverup: Thanks for your latest info. I came to the conclusion that I couldn't/shouldn't use any of the files on that site as they are all Debian versions. So I went to my Update mirror service to see if there were any security issues with Lisa, couldn't find anything on the Mandriva sites.

When you say "Edit: Mandrake/Mandriva enables LISa during installation", are you saying that I need to reinstall my entire system? Or that I could edit some file which would affect bootup?

I've searched out the port refs that I noted and they are as follows:

- 7741 is Lisa.
- ipp is 631/tcp or 631/udp internet printing protocol.
- X11 is 6000-6063/udp X windows system.
- 5335 unassigned but noted as local host on my system.

Sorry to be a pain but, how do I close a port?

Thanks

ianw1974
Posted May 31, 2006

This is what I normally do:

    urpme lisa

This will remove lisa. Or, you can disable the service but leave it installed, with:

    chkconfig lisa off
    service lisa stop

The first will turn the service off for when you reboot, and the second command stops it to save you from rebooting.

Port 631 is cups, and you need this for printing. 5335 is also enabled on my machine, but I can't find anything as to what it is, but ignore it. X11 ports are OK, they are your xorg.

The easiest way to ensure security is install shorewall, then you have a firewall to protect against open ports. If you are already behind a firewall then don't worry about these ports. And if they're open against localhost/127.0.0.1 nobody except yourself will be able to connect to them anyway, as they aren't bound to a network card.

If you do this at the command prompt for me:

    chkconfig --list

and copy the full output, I can tell you what other services you can stop/remove from your system.

laiback
Posted May 31, 2006

ianw1974: Thanks, I'm on the case.

laiback
Posted May 31, 2006

ianw1974: Done as you suggested. Lisa now off and gone from the System load graphs. Used the second version to stop it rather than kill it off with urpme.

Below listed output from chkconfig --list. You are most kind; thanks

Speedtouch is my modem
Shorewall is what I believe to be the firewall, standard with Mandriva 2006
I guess alsa and sound are there because I'm listening to a CD at the same time.

    acpi            0:off  1:off  2:on   3:on   4:on   5:on   6:off
    acpid           0:off  1:off  2:off  3:on   4:on   5:on   6:off
    alsa            0:off  1:off  2:on   3:on   4:on   5:on   6:off
    atd             0:off  1:off  2:off  3:on   4:on   5:on   6:off
    crond           0:off  1:off  2:on   3:on   4:on   5:on   6:off
    cups            0:off  1:off  2:on   3:on   4:on   5:on   6:off
    dm              0:off  1:off  2:off  3:off  4:off  5:on   6:off
    freshclam       0:off  1:off  2:on   3:on   4:on   5:on   6:off
    haldaemon       0:off  1:off  2:off  3:on   4:on   5:on   6:off
    harddrake       0:off  1:off  2:off  3:on   4:on   5:on   6:off
    iptables        0:off  1:off  2:on   3:on   4:on   5:on   6:off
    keytable        0:off  1:off  2:on   3:on   4:on   5:on   6:off
    kheader         0:off  1:off  2:on   3:on   4:off  5:on   6:off
    lisa            0:off  1:off  2:off  3:off  4:off  5:off  6:off
    mDNSResponder   0:off  1:off  2:off  3:on   4:on   5:on   6:off
    mandi           0:off  1:off  2:on   3:on   4:on   5:on   6:off
    messagebus      0:off  1:off  2:off  3:on   4:on   5:on   6:off
    netfs           0:off  1:off  2:off  3:on   4:on   5:on   6:off
    netplugd        0:off  1:off  2:off  3:off  4:off  5:off  6:off
    network         0:off  1:off  2:on   3:on   4:on   5:on   6:off
    nifd            0:off  1:off  2:off  3:on   4:on   5:on   6:off
    numlock         0:off  1:off  2:off  3:on   4:on   5:on   6:off
    oki4daemon      0:off  1:off  2:off  3:off  4:off  5:off  6:off
    partmon         0:off  1:off  2:off  3:on   4:on   5:on   6:off
    rawdevices      0:off  1:off  2:off  3:on   4:on   5:on   6:off
    shorewall       0:off  1:off  2:on   3:on   4:on   5:on   6:off
    sound           0:off  1:off  2:on   3:on   4:on   5:on   6:off
    speedtouch      0:off  1:off  2:off  3:on   4:on   5:on   6:off
    syslog          0:off  1:off  2:on   3:on   4:on   5:on   6:off
    xfs             0:off  1:off  2:on   3:on   4:on   5:on   6:off
    xinetd          0:off  1:off  2:off  3:on   4:on   5:on   6:off

    xinetd based services:
            cups-lpd:       off
            rsync:          off

ianw1974
Posted May 31, 2006

OK, the others I would turn off are:

    netfs
    rawdevices

as you won't need these. Netfs is usually used with nfs, but you don't have other nfs services installed, so you don't need this. Rawdevices is safe to turn off. I'm not entirely sure what it does, but the system works perfectly fine without it.

laiback
Posted May 31, 2006

Many thanks for the advice. I'm pleased to report that Lisa didn't return on a reboot. I feel much happier now and have learnt a thing or two in the process.

Bye for now & many thanks

coverup
Posted May 31, 2006

I would suspect that mDNSResponder could be responsible for another open port that you were mentioning. Not sure what this service does... Try to disable it temporarily and see if the system works without it. To disable the service temporarily (so it will come back after reboot), open root console and type

    service mDNSResponder stop
    netstat -tan

The second line will show you ports which are currently open. Then try doing things that you would normally do on the net, e.g., browse, download, etc. If everything works, stop mDNSResponder for good following the routine which Ian has explained before.
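
Added example (not part of the original thread): a small filter that combines ianw1974's point about ports bound to localhost/127.0.0.1 with coverup's netstat check, by reading netstat output and separating loopback-only listeners from those bound to a network-facing address. The sample input is constructed for illustration, the function names are hypothetical, and UDP lines are included (as printed by `netstat -tuan`) because multicast DNS on 5353 runs over UDP.

```shell
#!/bin/sh
# Constructed sample in netstat -tuan layout; NOT output from the thread.
# The bind addresses shown are assumptions chosen to exercise both cases.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:7741            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:34567      203.0.113.5:80          ESTABLISHED
udp        0      0 0.0.0.0:5353            0.0.0.0:*
tcp        0      0 :::6000                 :::*                    LISTEN
EOF
}

# Reads netstat text on stdin and prints "<scope> <proto> <port>" for every
# listening TCP socket and every unconnected (bound) UDP socket.
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      proto = $1; laddr = $4; faddr = $5
      # TCP rows carry a state column: keep LISTEN only.
      if (proto ~ /^tcp/ && $6 != "LISTEN") next
      # UDP rows have no state: keep sockets with a wildcard peer.
      if (proto ~ /^udp/ && faddr !~ /:\*$/) next
      # The port is the text after the last colon (works for :::6000 too).
      n = split(laddr, parts, ":")
      port = parts[n]
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
      print scope, proto, port
    }'
}

# Unique, numerically sorted ports that are reachable from other hosts
# unless a firewall such as shorewall blocks them.
exposed_ports() {
  classify_listeners | awk '$1 == "exposed" { print $3 }' |
    sort -un | tr '\n' ' ' | sed 's/ $//'
}

sample_netstat | classify_listeners
```

On a live system the same functions take real input, for example `netstat -tuan | exposed_ports`, run before and after stopping a service to confirm its port has gone.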