a***@amenex.com
2018-11-22 15:01:01 UTC
While discussing the risks of having open ports, the question came up:
How do I detect open ports on my own computer?
To find those open ports on my local network, I ran this command:
sudo nmap -sS -Pn 192.168.1.0/29 > Desktop/nMap-192.168.1.0-29.txt
That disclosed the open ports 139, 445 and 8200. The first two rang alarm
bells ...
How to close those ports ... searches in the Triaquel forum revealed lots
of suggestions of programs to install, but none are in the Triquel repository
available through Add/Remove Applications.
So I went to the Internet for relief:
https://www.binarytides.com/close-open-ports-manually-in-ubuntu/
and followed that advice: lsof -i :8200 [no response].
Similarly: lsof -i :139 ... lsof -i :445 ... [no responses].
I would like to think that nmap found those open ports because they were
needed
just to run nmap and promptly closed them after the scan was complete.
The same scan listed more open ports on my network-attached printer, but
those
seemed mostly specific to the printing process ... and I don't get
unsolicited
printer output.
Similarly for my router, which has proven itself secure to date.
Another set of results, this time from netstat -lpn (truncated for clarity):
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
-
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN
-
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
-
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
-
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN
-
...
udp 0 0 192.168.1.2:45773 0.0.0.0:*
-
...
udp 0 0 192.168.1.255:137 0.0.0.0:*
-
udp 0 0 192.168.1.2:137 0.0.0.0:*
-
... -
udp 0 0 192.168.1.255:138 0.0.0.0:*
-
udp 0 0 192.168.1.2:138 0.0.0.0:*
-
...
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name
Path
...
unix 2 [ ACC ] STREAM LISTENING 22066 1433/systemd
/run/user/1000/systemd/private
...
unix 2 [ ACC ] STREAM LISTENING 20921 1502/dbus-daemon
@/tmp/dbus-sn82wE13mp
unix 2 [ ACC ] STREAM LISTENING 20967 1442/mate-session
@/tmp/.ICE-unix/1442
...
unix 2 [ ACC ] STREAM LISTENING 20968 1442/mate-session
/tmp/.ICE-unix/1442
...
Netstat picks up the open ports 139, 445 and 8200, but none are associated
with
a particular process, so it would appear that they are only actually opened
when tcp is going on (i.e., during an nmap scan). Am I correct to relax now ?
Thanks,
George Langford
How do I detect open ports on my own computer?
To find those open ports on my local network, I ran this command:
sudo nmap -sS -Pn 192.168.1.0/29 > Desktop/nMap-192.168.1.0-29.txt
That disclosed the open ports 139, 445 and 8200. The first two rang alarm
bells ...
How to close those ports ... searches in the Triaquel forum revealed lots
of suggestions of programs to install, but none are in the Triquel repository
available through Add/Remove Applications.
So I went to the Internet for relief:
https://www.binarytides.com/close-open-ports-manually-in-ubuntu/
and followed that advice: lsof -i :8200 [no response].
Similarly: lsof -i :139 ... lsof -i :445 ... [no responses].
I would like to think that nmap found those open ports because they were
needed
just to run nmap and promptly closed them after the scan was complete.
The same scan listed more open ports on my network-attached printer, but
those
seemed mostly specific to the printing process ... and I don't get
unsolicited
printer output.
Similarly for my router, which has proven itself secure to date.
Another set of results, this time from netstat -lpn (truncated for clarity):
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
-
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN
-
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
-
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
-
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN
-
...
udp 0 0 192.168.1.2:45773 0.0.0.0:*
-
...
udp 0 0 192.168.1.255:137 0.0.0.0:*
-
udp 0 0 192.168.1.2:137 0.0.0.0:*
-
... -
udp 0 0 192.168.1.255:138 0.0.0.0:*
-
udp 0 0 192.168.1.2:138 0.0.0.0:*
-
...
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name
Path
...
unix 2 [ ACC ] STREAM LISTENING 22066 1433/systemd
/run/user/1000/systemd/private
...
unix 2 [ ACC ] STREAM LISTENING 20921 1502/dbus-daemon
@/tmp/dbus-sn82wE13mp
unix 2 [ ACC ] STREAM LISTENING 20967 1442/mate-session
@/tmp/.ICE-unix/1442
...
unix 2 [ ACC ] STREAM LISTENING 20968 1442/mate-session
/tmp/.ICE-unix/1442
...
Netstat picks up the open ports 139, 445 and 8200, but none are associated
with
a particular process, so it would appear that they are only actually opened
when tcp is going on (i.e., during an nmap scan). Am I correct to relax now ?
Thanks,
George Langford