problemas com portas abertas [RESOLVIDO]

removido
(usa Nenhuma)

Enviado em 25/04/2009 - 13:30h

passei o nmap no meu ip e vi muitas portas abertas, portas que nem uso

queria fexar todas elas, primeiramente a porta 80 que esta o apache que nem to usando, meu computador eh pessoal, nao eh servidor nem nada

=============================================

21/tcp open ftp ProFTPD 1.3.2
22/tcp open ssh OpenSSH 5.1 (protocol 2.0)
80/tcp open http Apache httpd 2.2.9 ((Mandriva Linux/PREFORK-12mdv2009.0))
| robots.txt: has 10 disallowed entries
| /manual/ /manual-1.3/ /manual-2.0/ /manual-2.2/
|_ /addon-modules/ /doc/ /images/ /all_our_e-mail_addresses /admin/ /
|_ HTML title: Site doesn't have a title.
111/tcp open rpcbind
| rpcinfo:
| 100000 2 111/udp rpcbind
| 100003 2,3,4 2049/udp nfs
| 100021 1,3,4 37507/udp nlockmgr
| 100024 1 41488/udp status
| 100005 1,2,3 60206/udp mountd
| 100000 2 111/tcp rpcbind
| 100003 2,3,4 2049/tcp nfs
| 100024 1 34062/tcp status
| 100005 1,2,3 46403/tcp mountd
|_ 100021 1,3,4 54833/tcp nlockmgr
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MDKGROUP)
443/tcp open ssl/http Apache httpd 2.2.9 ((Mandriva Linux/PREFORK-12mdv2009.0))
|_ HTML title: Site doesn't have a title.
| robots.txt: has 10 disallowed entries
| /manual/ /manual-1.3/ /manual-2.0/ /manual-2.2/
|_ /addon-modules/ /doc/ /images/ /all_our_e-mail_addresses /admin/ /
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MDKGROUP)
631/tcp open ipp CUPS 1.3.9
2049/tcp open rpcbind
5555/tcp open freeciv?
6000/tcp open X11 (access denied)

=======================================================

oq devo fazer?? eu instalei o apache, mas nao quero usar por enquanto, pq pretendo usar futuramente mas soh quando eu aprender na facu.

agradeço pela atençao

flw

stremer
(usa Arch Linux)

Enviado em 25/04/2009 - 17:26h

existe 2 formas...
A primeira é configurar o firewall para barrar conexões de entrada nestas portas..
A segunda (eu acho melhor), é tirar estes serviços da inicialização do linux e quando precisar iniciar manualmente.

removido
(usa Nenhuma)

Enviado em 25/04/2009 - 23:45h

quais portas eu devo fexar??

eu ja fexei o do apache, e como fexa o do samba?? e outros?

removido
(usa Nenhuma)

Enviado em 27/04/2009 - 11:44h

galera, ainda estou tendo grande problema com as portas abertas, como eu paro o apache?? e o outros que estrao abrindo as portas??

upc0d3
(usa Gentoo)

Enviado em 28/04/2009 - 08:18h

pelo amor de deus.....

"eu ja fexei o do apache, e como fexa o do samba?? e outros?"

PARA o servico do samba /etc/init.d/smbd stop ; /etc/init.d/nmbd stop

quanto a tua pergunta de QUAIS portas tu deve fechar ? quem mehor do que TU mesmo pra responder ela ?

agora se tu nao sabe como fazer isso a conversa eh outra... dah pra fazer pelo squid, como teu pc eh pessoal mesmo, vai usar soh a tabela filter.... exemplo: # iptables -t filter -A INPUT -p tcp --dport 21 -j DROP

dah uma olhada no guia foca, na parte de iptables.... eh muito bom lah....

removido
(usa Nenhuma)

Enviado em 28/04/2009 - 09:31h

[root@localhost douglas]# /etc/init.d/smbd stop ; /etc/init.d/nmbd stop
bash: /etc/init.d/smbd: Arquivo ou diretório não encontrado
bash: /etc/init.d/nmbd: Arquivo ou diretório não encontrado

=========================================================

queria para o serviço apache e samba

portas:
80
139
443
445

o que eu quero msm eh parar esses serviços e nao soh colocar iptables nele

upc0d3
(usa Gentoo)

Enviado em 28/04/2009 - 10:02h

para parar o apache eh:

# /etc/init.d/httpd stop

cara, tah estranho isso ai tu tem porta que usa servico microsoft rodando no teu sistema....

dah um top ou ps e ve os processos que estaum rodando no teu sistema ai cara...

falou!

removido
(usa Nenhuma)

Enviado em 28/04/2009 - 10:34h

[douglas@localhost ~]$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1708 112 ? Ss 09:44 0:00 init [5]
root 2 0.0 0.0 0 0 ? S< 09:44 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S< 09:44 0:00 [migration/0]
root 4 0.0 0.0 0 0 ? S< 09:44 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 09:44 0:00 [events/0]
root 6 0.0 0.0 0 0 ? S< 09:44 0:00 [khelper]
root 47 0.0 0.0 0 0 ? S< 09:44 0:00 [kintegrityd/0]
root 48 0.0 0.0 0 0 ? S< 09:44 0:00 [kblockd/0]
root 50 0.0 0.0 0 0 ? S< 09:44 0:00 [kacpid]
root 51 0.0 0.0 0 0 ? S< 09:44 0:00 [kacpi_notify]
root 130 0.0 0.0 0 0 ? S< 09:44 0:00 [kseriod]
root 170 0.0 0.0 0 0 ? S 09:44 0:00 [pdflush]
root 171 0.0 0.0 0 0 ? S 09:44 0:00 [pdflush]
root 172 0.0 0.0 0 0 ? S< 09:44 0:01 [kswapd0]
root 215 0.0 0.0 0 0 ? S< 09:44 0:00 [aio/0]
root 359 0.0 0.0 0 0 ? S< 09:44 0:00 [kpsmoused]
root 379 0.0 0.0 0 0 ? S< 09:44 0:00 [ksuspend_usbd]
root 380 0.0 0.0 0 0 ? S< 09:44 0:00 [khubd]
root 401 0.0 0.0 0 0 ? S< 09:44 0:00 [ata/0]
root 402 0.0 0.0 0 0 ? S< 09:44 0:00 [ata_aux]
root 405 0.0 0.0 0 0 ? S< 09:44 0:00 [scsi_eh_0]
root 406 0.0 0.0 0 0 ? S< 09:44 0:00 [scsi_eh_1]
root 409 0.0 0.0 0 0 ? S< 09:44 0:00 [scsi_eh_2]
root 410 0.0 0.0 0 0 ? S< 09:44 0:00 [scsi_eh_3]
root 416 0.0 0.0 0 0 ? S< 09:44 0:00 [kjournald]
root 535 0.0 0.2 2560 1128 ? S<s 09:44 0:00 /sbin/udevd -d
root 1407 0.0 0.0 0 0 ? S< 09:44 0:00 [kgameportd]
root 1504 0.0 0.0 0 0 ? S< 09:44 0:00 [kstriped]
root 1561 0.0 0.0 0 0 ? S< 09:44 0:00 [kjournald]
root 1572 0.0 0.1 3760 636 ? Ss 09:44 0:00 /sbin/mount.ntfs-3g /dev/sda1 /mnt/win-c -o rw
root 1576 0.0 0.1 3896 776 ? Ss 09:44 0:00 /sbin/mount.ntfs-3g /dev/sda7 /mnt/win-d -o rw
root 2066 0.0 0.0 1704 340 ? Ss 09:44 0:00 /usr/sbin/acpid
daemon 2105 0.0 0.0 1916 100 ? Ss 09:44 0:00 /usr/sbin/atd
root 2229 0.0 0.0 1784 324 ? Ss 09:44 0:00 syslogd -m 0 -a /var/spool/postfix/dev/log
root 2290 0.0 0.0 1708 296 ? Ss 09:44 0:00 klogd -x
root 2359 0.0 0.0 0 0 ? S< 09:44 0:00 [kauditd]
postgres 2483 0.0 0.1 40208 516 ? S 09:44 0:00 /usr/bin/postmaster -D /var/lib/pgsql/data
root 2520 0.0 0.0 1728 108 ? Ss 09:44 0:00 /sbin/ifplugd -I -b -i eth0
postgres 2653 0.0 0.1 40208 592 ? Ss 09:44 0:00 postgres: writer process
postgres 2654 0.0 0.1 40208 516 ? Ss 09:44 0:00 postgres: wal writer process
postgres 2655 0.0 0.1 40208 780 ? Ss 09:44 0:00 postgres: autovacuum launcher process
postgres 2656 0.0 0.1 11528 628 ? Ss 09:44 0:00 postgres: stats collector process
root 2798 0.0 0.0 2316 424 ? Ss 09:44 0:00 dhclient -1 -q -lf /var/lib/dhcp/dhclient-eth0.leases -pf /v
nobody 2932 0.0 0.0 1828 136 ? Ss 09:44 0:00 /usr/sbin/dc_server -daemon -pidfile /var/run/dc_server.pid
81 2953 0.0 0.0 27184 300 ? Ssl 09:44 0:00 memcached -d -p 11211 -U 0 -l 127.0.0.1 -u memcached -m 64 -
nobody 3037 0.0 0.1 6296 852 ? Ss 09:44 0:00 proftpd: (accepting connections)
bin 3068 0.0 0.0 1820 84 ? Ss 09:44 0:00 portmap
root 3086 0.0 0.1 3944 636 ? Ss 09:44 0:00 crond
rpcuser 3088 0.0 0.0 1896 92 ? Ss 09:44 0:00 rpc.statd
14 3427 0.0 0.1 2652 960 ? Ss 09:44 0:00 dbus-daemon --system
70 3507 0.0 0.3 6336 1564 ? Ss 09:44 0:00 hald
root 3511 0.0 0.1 3540 608 ? S 09:44 0:00 /usr/bin/kdm -nodaemon
avahi 3530 0.0 0.0 2816 452 ? Ss 09:44 0:00 avahi-daemon: running [mandrivalinux.local]
root 3545 0.0 0.5 18440 2952 ? Ss 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
root 3584 0.0 0.4 8252 2124 ? Ssl 09:44 0:00 /usr/sbin/console-kit-daemon
root 3654 0.0 0.1 3316 640 ? S 09:44 0:00 hald-runner
root 3656 0.0 3.5 40220 18296 ? Sl 09:44 0:02 python /usr/bin/coherence -d -c /etc/coherence/coherence.con
apache 3675 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
apache 3676 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
apache 3677 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
apache 3678 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
apache 3679 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
apache 3680 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
apache 3681 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
apache 3682 0.0 0.5 18516 2932 ? S 09:44 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHA
root 3859 0.0 0.0 5808 444 ? Ss 09:44 0:00 /usr/lib/postfix/master
postfix 3878 0.0 0.0 5892 396 ? S 09:44 0:00 pickup -l -t fifo -u -c -o content_filter -o receive_overri
postfix 3879 0.0 0.0 5940 448 ? S 09:44 0:00 qmgr -l -t fifo -u -c
root 3894 0.0 0.1 15756 636 ? Ss 09:44 0:00 smbd -D
root 3908 0.0 0.1 9348 772 ? Ss 09:44 0:00 nmbd -D
root 3963 0.0 0.0 3388 256 ? S 09:44 0:00 hald-addon-input: Listening on /dev/input/event5 /dev/input/
root 4004 0.0 0.0 1704 96 ? Ss 09:44 0:00 anacron
root 4051 0.0 0.0 3392 488 ? S 09:44 0:00 hald-addon-storage: no polling on /dev/fd0 because it is exp
70 4071 0.0 0.0 2072 96 ? S 09:44 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.so
root 4072 0.0 0.1 3392 600 ? S 09:44 0:00 hald-addon-storage: polling /dev/sr0 (every 2 sec)
root 4164 0.0 0.0 1964 348 ? Ss 09:45 0:00 /usr/sbin/mandi -d
root 4203 0.0 0.2 7408 1252 ? SNs 09:45 0:00 cupsd
root 4212 0.0 0.0 0 0 ? S< 09:45 0:00 [rpciod/0]
root 4223 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsiod]
root 4234 0.0 0.0 2052 140 ? Ss 09:45 0:00 rpc.idmapd
root 4271 0.0 0.1 15756 636 ? S 09:45 0:00 smbd -D
root 4307 0.0 0.0 5644 320 ? Ss 09:45 0:00 /usr/sbin/sshd
root 4344 0.0 0.0 0 0 ? S< 09:45 0:00 [lockd]
root 4352 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd4]
root 4353 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4354 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4355 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4357 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4358 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4359 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4360 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4361 0.0 0.0 0 0 ? S< 09:45 0:00 [nfsd]
root 4378 0.0 0.0 2020 128 ? Ss 09:45 0:00 rpc.mountd
root 4392 0.1 1.0 7584 5300 ? SNs 09:45 0:02 /usr/sbin/preload --verbose 1
root 4453 0.0 0.0 1692 56 tty1 Ss+ 09:45 0:00 /sbin/mingetty tty1
root 4455 0.0 0.0 1692 60 tty2 Ss+ 09:45 0:00 /sbin/mingetty tty2
root 4457 0.0 0.0 1692 56 tty3 Ss+ 09:45 0:00 /sbin/mingetty tty3
root 4459 0.0 0.0 1692 60 tty4 Ss+ 09:45 0:00 /sbin/mingetty tty4
root 4461 0.0 0.0 1692 52 tty5 Ss+ 09:45 0:00 /sbin/mingetty tty5
root 4463 0.0 0.0 1692 60 tty6 Ss+ 09:45 0:00 /sbin/mingetty tty6
douglas 5368 0.7 0.9 36808 5048 ? S<sl 10:14 0:08 /usr/bin/pulseaudio --daemonize --log-target=syslog
douglas 5371 0.0 0.1 8468 976 ? S 10:14 0:00 /usr/lib/pulse/gconf-helper
douglas 5906 2.8 5.8 182644 30004 ? Sl 10:19 0:21 python /usr/lib/exaile/exaile.py --no-equalizer
root 6579 4.5 8.1 51184 41888 tty7 SLs+ 10:28 0:11 /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /var/run/xauth/A
root 6583 0.0 0.4 4624 2120 ? S 10:28 0:00 -:0
root 6776 0.0 0.1 3020 696 ? S 10:28 0:00 dbus-launch --autolaunch 7d2ee45a0dd6a628bc6ce44a49ad1d7a --
root 6777 0.0 0.1 2372 656 ? Ss 10:28 0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7
douglas 6840 0.0 1.2 28800 6604 ? Ssl 10:28 0:00 gnome-session
douglas 6989 0.0 0.1 3020 692 ? S 10:28 0:00 /usr/bin/dbus-launch --exit-with-session --sh-syntax
douglas 6990 0.0 0.2 2636 1100 ? Ss 10:28 0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7
douglas 7022 0.0 0.4 9928 2520 ? Ss 10:28 0:00 s2u --daemon=yes
douglas 7028 0.2 0.9 8156 5032 ? S 10:28 0:00 /usr/lib/gconfd-2
douglas 7032 0.0 0.6 15748 3512 ? S 10:28 0:00 /usr/lib/gnome-session/helpers/gnome-keyring-daemon-wrapper
douglas 7034 0.2 3.5 52868 18308 ? Ssl 10:28 0:00 /usr/lib/gnome-settings-daemon
douglas 7035 0.0 0.3 14784 2052 ? S 10:28 0:00 /usr/bin/gnome-keyring-daemon
douglas 7040 0.0 0.3 5360 1952 ? S 10:28 0:00 /usr/lib/gvfsd
douglas 7056 0.2 0.6 25376 3160 ? Ss 10:28 0:00 gnome-screensaver
douglas 7057 0.5 2.6 26312 13548 ? S 10:28 0:01 /usr/bin/metacity
douglas 7063 1.1 4.8 77764 24968 ? S 10:28 0:02 gnome-panel
douglas 7066 0.0 0.6 40856 3548 ? Ssl 10:28 0:00 /usr/lib/bonobo-activation-server --ac-activate --ior-output
douglas 7068 0.3 4.8 89024 24948 ? S 10:28 0:00 nautilus --no-desktop --browser
douglas 7072 0.5 5.2 42300 26968 ? S 10:28 0:01 /usr/bin/perl /usr/bin/net_applet
douglas 7074 1.3 5.4 42880 27924 ? S 10:28 0:03 /usr/bin/perl /usr/bin/draksnapshot-applet
douglas 7075 0.0 2.0 57012 10368 ? Sl 10:28 0:00 /usr/lib/evolution/2.24/evolution-alarm-notify
douglas 7082 0.0 1.1 19176 5980 ? S 10:28 0:00 pam-panel-icon
douglas 7085 0.1 3.1 33632 16272 ? S 10:28 0:00 python /usr/share/system-config-printer/applet.py
root 7086 0.0 0.1 1912 632 ? S 10:28 0:00 /sbin/pam_timestamp_check -d root
douglas 7089 0.0 1.6 27560 8660 ? Ss 10:28 0:00 gnome-power-manager
douglas 7093 0.0 1.4 71104 7400 ? Sl 10:28 0:00 /usr/lib/evolution-data-server-2.24 --oaf-activate-iid=OAFII
douglas 7112 0.0 0.6 22484 3104 ? Sl 10:28 0:00 /usr/lib/gvfs-hal-volume-monitor
douglas 7116 0.0 0.5 22308 2620 ? S 10:28 0:00 /usr/lib/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/
douglas 7128 0.0 0.4 5584 2148 ? S 10:28 0:00 /usr/lib/gvfsd-burn --spawner :1.8 /org/gtk/gvfs/exec_spaw/1
douglas 7142 0.2 2.7 60668 14324 ? S 10:28 0:00 /usr/lib/sound-monitor_applet2 --oaf-activate-iid=OAFIID:GNO
douglas 7145 0.0 1.9 25624 9824 ? S 10:28 0:00 /usr/lib/multiload-applet-2 --oaf-activate-iid=OAFIID:GNOME_
douglas 7151 0.0 3.2 80596 16712 ? Sl 10:28 0:00 /usr/lib/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_Mixer
douglas 7195 11.7 14.6 240588 75132 ? Rl 10:29 0:23 firefox
douglas 7401 1.2 3.5 75396 18344 ? Sl 10:31 0:00 gnome-terminal
douglas 7405 0.0 0.1 1752 576 ? S 10:31 0:00 gnome-pty-helper
douglas 7406 0.0 0.3 4464 1976 pts/0 Ss 10:31 0:00 bash
douglas 7474 0.0 0.2 2236 1076 pts/0 T 10:31 0:00 top
douglas 7485 0.0 0.2 2236 1080 pts/0 T 10:31 0:00 top
douglas 7529 0.0 0.1 2476 916 pts/0 R+ 10:32 0:00 ps aux

upc0d3
(usa Gentoo)

Enviado em 28/04/2009 - 14:30h

cara, eu nao falei pra ti postar a saida dos comandos....
eu falei pra ti OLHAR....

deu pra ver ai que tu tem um servico de apache, um de postfix.... e eu olhei bem por cima isso....

agora eh contigo


falloouuu

removido
(usa Nenhuma)

Enviado em 28/04/2009 - 17:06h

alguem pode me ajuda??

as portas e os serviços eu ja sei

soh quero saber como faz para parar estes serviços

e sempre que vo acessar a internet ou quando faço o login, aparece um aviso do firewall, que eu fui atacado!!! e o ip que me atacou eh o meu msm, ou seja, eu estou tentando me conectar??? automaticamente!!!

por isso q scaniei o meu ip, e vi essa porrada de portas abertas e um monte de serviços que nem uso

agradeço a atençao de todos

flw

cesar
(usa CentOS)

Enviado em 28/04/2009 - 17:20h

Que distro você usa?

Mandriva?

[]'s

César M. Nascimento

removido
(usa Nenhuma)

Enviado em 28/04/2009 - 17:23h

isso

mandriva powerpack 2009.0

e acabou de aparecer um outro ip "que nao sou eu" se conectando ao meu pc pela porta 1027

¬¬

me ajudem aeeeeW!!!!

vlw