how to turn off a port 1

[gchen]

i did a nmap localhost and found my port 333 was open by an unknow service. i am afrid there is any security threat. how can i turn it off?

Thanks a bunch!

 

[thedaver]

You can either block the port using a firewall or kill of the process using the port.

I recommend issuing this on your machine to gather an understanding:

'lsof -Pni'

Look for the port 333 reference and see if you recognize the service.

port 333 is not a defined port in my /etc/services files so you may be looking at an issue.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[gchen]

Thanks!

Where is the lsof?

I can "man lsof" however i could not execute lsof. it is not found.

 

[gchen]

Also, how could i ps the process with port number? So i can kill it. Thanks!

 

[thedaver]

lsof is a command typically available to the 'root' user in
/sbin
/usr/sbin
/usr/local/sbin

The output of the lsof command will include the process #

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[gchen]

i am root and root's PATH has all those directories yet lsof is not found. i also went to each directory and type lsof, still not found. My linux box is Redhat Version 8.12.5. Could it be different name?

 

[thedaver]

do this

cd /
find -iname lsof

be paitent while it scans your system

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[RhythmAce]

Another way to look for it is:

whereis lsof
which lsof

 

[KenCunningham]

Or type which lsof. If the result is nothing (blank), you may have to download it and install.

I don't mind people who aren't what they seem. I just wish they'd make their mind up.

 

[gchen]

i have already tried "which lsof" and not luck. my machine is a linux redhat 8.12.5,

where can i download this lsof piece? Thanks! ;-)

 

[lgarner]

which" checks the path, so if typing lsof doesn't work, which shouldn't return anything.

"find / -name lsof" should find it if it's installed. Running "locate lsof" after running "updatedb" should also work, though I'm not sure about RH8.

Finally, "rpm -qa |grep lsof" ought to return something if it's installed, as it's installed by lsof-4.72-1.4.rpm on my RHEL system. It sounds as though it isn't.

 

[gchen]

Thank you all! I got my lsof working now. I pulled out lsof -Pni as below and i am worry if some of them are trajon ;-(

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
smbd 20 root 3u IPv4 37 TCP *:901 (LISTEN)
portmap 600 root 3u IPv4 1160 UDP *:111
portmap 600 root 4u IPv4 1161 TCP *:111 (LISTEN)
rpc.statd 622 root 4u IPv4 1252 UDP *:32768
rpc.statd 622 root 6u IPv4 1255 TCP *:32768 (LISTEN)
sshd 748 root 3u IPv4 1429 TCP *:22 (LISTEN)
xinetd 766 root 5u IPv4 1463 TCP 127.0.0.1:32769 (LISTEN)
sendmail 795 root 4u IPv4 1546 TCP 127.0.0.1:25 (LISTEN)
privoxy 818 root 3u IPv4 1577 TCP 127.0.0.1:8118 (LISTEN)
httpd 844 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 844 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 932 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 932 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 933 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 933 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 934 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 934 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 935 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 935 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 936 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 936 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 937 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 937 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 938 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 938 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 939 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 939 root 4u IPv4 1627 TCP *:443 (LISTEN)
miniserv. 1009 root 3u IPv4 1890 TCP *:20000 (LISTEN)
miniserv. 1009 root 4u IPv4 1891 UDP *:20000
miniserv. 1016 root 5u IPv4 1914 TCP *:11000 (LISTEN)
miniserv. 1016 root 6u IPv4 1915 UDP *:10000
3 1042 root 3u IPv4 1953 TCP *:333 (LISTEN)
bash 1105 root 1u IPv4 574651 TCP xxx.xxx.xxx.xxx:47399->195.197.175.21:6667 (ESTABLISHED)
bash 1105 root 2u IPv4 2140 TCP xxx.xxx.xxx.xxx:32781->195.197.175.21:6667 (ESTABLISHED)
bash 1105 root 3u IPv4 2050 UDP *:32769
httpd 3368 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 3368 root 4u IPv4 1627 TCP *:443 (LISTEN)
httpd 3381 root 3u IPv4 1626 TCP *:80 (LISTEN)
httpd 3381 root 4u IPv4 1627 TCP *:443 (LISTEN)

any suggestion or recommendation is high appreciated!

BTW, i am running a apache httpd on this linux box.

 

[gchen]

folks,

i think i got a trajon ;-(

i killed below process ...

bash 12010 root 1u IPv4 691371 TCP xxx.xxx.xxx.xxx:47657->216.171.237.218:6667 (SYN_SENT)
bash 12010 root 2u IPv4 691364 TCP xxx.xxx.xxx.xxx:47654->161.53.178.240:6667 (ESTABLISHED)
bash 12010 root 3u IPv4 691354 UDP *:33143

and it came back on again ...

bash 12022 root 1u IPv4 693959 TCP xxx.xxx.xxx.xxx:47665->194.109.20.90:6667 (ESTABLISHED)
bash 12022 root 2u IPv4 694012 TCP xxx.xxx.xxx.xxx:47679->216.171.237.218:6667 (SYN_SENT)
bash 12022 root 3u IPv4 693944 UDP *:33144

Is there a way to fig ouot more detail so i can kill it once for all?

i am willing to spend some money to get this one done in a professional way, can anyone lend a hand?

Thanks a million!

 

[thedaver]

I am available via my website on a consulting basis.



D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/