Operating System - HP-UX

How can I stop this listening services?

 
Irfan Ahmed_1
Advisor


Hi gurus,
I am asked to close the following listening services in my server..
printer (515/tcp)
cmsd (704/tcp)
RPC program #805306352 ( 884/tcp)
UDP ports 606,654,919
TCP port 884

I don't know where to do changes. I tried to understand /etc/inetd.conf file.
Here I think I can close port for cmsd port.
But for others I don't know.
Help...

Waiting for reply..

Thanks
-Irfan
bhavin asokan
Honored Contributor

Re: How can I stop this listening services?

hi,

The service ports (like telnet 23/tcp) are defined in /etc/services.

Just hash it. Restart the netservices.


regds,
Irfan Ahmed_1
Advisor

Re: How can I stop this listening services?

Hi bhavin,
/etc/services is just for mapping. Commenting in this file will not help in any way.

Regards
-Irfan
RAC_1
Honored Contributor

Re: How can I stop this listening services?

/etc/services is more than name to service mapping. If the corresponding entry does not exist in /etc/services but is there in /etc/inetd.conf, then the application won't start.

An application can have a port hardcoded into it and can listen on that port.

If you have lsof, you can check what process/application is using a port.
lsof -i tcp:"port_no"
lsof -i udp:"port_no"

To disable those ports, you can disable them in the firewall. Or you can have a product like ipfilter/baston to do that.

Anil
There is no substitute to HARDWORK
Ivajlo Yanakiev
Respected Contributor

Re: How can I stop this listening services?

Generally, if you want to stop some port, you must stop the daemons that open that port.
Use /sbin/init.d/daemon stop

where daemon=yourdaemon like nfs.server

If you need to disable these services for the future,

go to the /etc/rc.config.d
dir where all daemons have a config file and
change 1 to 0

example

export RWHOD=1
to
export RWHOD=0

If you really want control over your network, you need IPFILTER and a bastion host.

A. Clay Stephenson
Acclaimed Contributor
Solution

Re: How can I stop this listening services?

Removing the entries in /etc/services will do nothing; this is simply name mapping.

You need to find the entries in /etc/inetd.conf and comment them by placing a '#' character as the first character of the line.

Printer and cmsd will be obvious because there are obvious inetd.conf entries for these daemons. The others will require a little more work. Do an rpcinfo -p and an rpcinfo. Your 805306352 entry, for example, is the ttdbserver. Once you know the RPC program then find that entry also in /etc/inetd.conf.

When you have finished your changes to inetd.conf, issue an inetd -c command to reread the configuration file and reconfigure inetd. This will not affect established connections.

Man inetd, rpcinfo for details. Netstat and lsof (if you have installed it) are also useful for tracking down less than obvious daemons. You may also have a few listeners that are started in /sbin/init.d and you could have a few that are started by init so look in /etc/inittab as well.
If it ain't broke, I can fix that.
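An added example, not part of the original thread or any poster's code, of the inetd.conf edit described in the accepted answer: it comments out active entries by service name or, for rpc entries, by RPC program number. The function names, the sample entries (constructed, with /path/to/rpc.server as a placeholder) and the assumed field layout of rpc lines are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample standing in for /etc/inetd.conf (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
ftp     stream tcp nowait root /usr/lbin/ftpd ftpd -l
printer stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i
rpc     dgram  udp wait   root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd
rpc     stream tcp swait  root /path/to/rpc.server 805306352 1 rpc.server
#telnet stream tcp nowait root /usr/lbin/telnetd telnetd
EOF
}

# disable_inetd_entries FILE KEY...
# Prints FILE with every active entry commented out ('#' as first character)
# when its service name (field 1) equals a KEY, or when it is an "rpc" entry
# whose program number equals a KEY. Existing comments are left untouched.
disable_inetd_entries() {
    conf=$1; shift
    awk -v keys="$*" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { print; next }   # comment or blank line
        {
            hit = ($1 in want)
            # Assumed layout of rpc entries:
            # rpc type proto wait user server-path program-number version args
            if ($1 == "rpc" && ($7 in want)) hit = 1
            if (hit) print "#" $0; else print
        }' "$conf"
}

# Demo on a temporary copy: disable printer, cmsd (RPC program 100068) and
# the RPC program number reported in the question.
tmp=${TMPDIR:-/tmp}/inetd.conf.example.$$
sample_inetd_conf > "$tmp"
disable_inetd_entries "$tmp" printer 100068 805306352
rm -f "$tmp"
```

On the real host, run it against a copy of /etc/inetd.conf, review the output before installing it, then issue inetd -c as the answer describes.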
Biswajit Tripathy
Honored Contributor

Re: How can I stop this listening services?

As A. Clay Stephenson said, you need to modify
/etc/inetd.conf to block the ports you don't
want others to connect. Another way would be to
use IPFilter firewall to block these ports. To block
all the above ports, you need to configure the
following IPFilter rules:

block in quick proto tcp from any to any port = 515
block in quick proto tcp from any to any port = 704
block in quick proto tcp from any to any port = 884
block in quick proto udp from any to any port = 606
... you get the idea.

A much better way to configure the system would be to configure IPFilter to pass only the ports you want others to access and block everything else.

- Biswajit
:-)