View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Closing ports 111 and 1720
Log in to Ask a Question

Closing ports 111 and 1720

general

Hi there

I've just installed a fresh Debian 6 on a Linode and an nmap shows:

PORT STATE SERVICE

22/tcp open ssh

111/tcp open rpcbind

1720/tcp open H.323/Q.931

I've tried the following to close port 111:

# update-rc.d portmap remove
update-rc.d: using dependency based boot sequencing
insserv: Service portmap has to be enabled to start service nfs-common
insserv: exiting now!
update-rc.d: error: insserv rejected the script header

As you can see, it doesn't like it. Also the service on port 1720 seems to be running and I'm not sure what needs to be killed to stop that.

Any advise would be great. Thanks!

8 Replies

Is that running nmap from the linode itself or an outside source? If it's outside it may show things that aren't really open, for example my isp says ftp is open regardless of what ip I scan.

Anyway to see what's really listening run netstat -lpntu it will list the port, ip address and process that is listening.

It was from an outside source. The output from the netstat command was:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1362/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1715/sshd
tcp        0      0 0.0.0.0:50815           0.0.0.0:*               LISTEN      1374/rpc.statd
tcp6       0      0 :::22                   :::*                    LISTEN      1715/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1498/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1362/portmap
udp        0      0 178.79.158.162:123      0.0.0.0:*                           1629/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           1629/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1629/ntpd
udp        0      0 0.0.0.0:702             0.0.0.0:*                           1374/rpc.statd
udp        0      0 0.0.0.0:34511           0.0.0.0:*                           1374/rpc.statd
udp6       0      0 fe80::fcfd:b2ff:fe4:123 :::*                                1629/ntpd
udp6       0      0 ::1:123                 :::*                                1629/ntpd
udp6       0      0 :::123                  :::*                                1629/ntpd

Shall I just kill process 1362 or will that cause problems? I can't see any mention of port 1720 there though for that one. I'm not sure why ports which are closed would be showing as open though.

Randomly killing a process can cause problems, it looks like you have nfs enabled, are you using it? If not you will want to try

update-rc.d nfs-common remove
update-rc.d portmap remove

For both of these the following response was given:

update-rc.d: using dependency based boot sequencing

I'm not sure what this means; is it something to do with the way Linodes are set up? I've never seen this with a vanilla debian before.

It's how debian now deals with boot sequences the old style is the /etc/rc scripts ran in order of name i.e 00xxx then 01xxx, this made dependancy tracking a pain.

Now assuming all your init scripts have proper lsb information then they can state what they depend on if they depend on something then that must be enabled and start before the script that depends on it.

If you reboot your linode then run netstat -lpntu again you shouldn't see those services anymore.

That reboot worked a treat; port 111 is closed and the portmap service isn't running anymore. Unfortunately, the '1720/tcp open H.323/Q.931' is still showing in a standard nmap and this isn't showing up in the netstat command. Any ideas how to remove this?

Where are you running nmap from? If netstat says it isn't listening, it isn't listening. It's likely some other network device between you and your Linode that's configured to transparently proxy traffic on that port.

@JshWright:

Where are you running nmap from? If netstat says it isn't listening, it isn't listening. It's likely some other network device between you and your Linode that's configured to transparently proxy traffic on that port.

Bingo! Thanks a lot to both of you :)

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct