HPE Community
Operating System - HP-UX
1820297 Members
3195 Online
109622 Solutions
New Discussion юеВ

Open and closing of Ports

 
HPP
Regular Advisor

тАО05-22-2001 07:06 AM

тАО05-22-2001 07:06 AM

Open and closing of Ports

Hi,
I have closed all the unwanted ports in /etc/services by commenting and running "inetd -c". If i run portscan on the server it shows some of the ports that are open which is not listed in /etc/services, for example:

49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
49161/tcp open unknown
49162/tcp open unknown
49167/tcp open unknown

Also the Port 1521/tcp which is used by oracle listener is not listed in /etc/services, but still listerner is working fine and people are able to connect to Oracle Database through Listener.

Can someone please explain the reason why this is happening?
And how to close the Dynamic/Private ports range 49152 to 65535?

Thanks
Be Teachable
1 person had this problem.
0 Kudos
Reply
4 REPLIES 4
James R. Ferguson
Acclaimed Contributor

тАО05-22-2001 07:31 AM

тАО05-22-2001 07:31 AM

Re: Open and closing of Ports

Hi:

An entry in /etc/services isn't required to use a particular port number. The file only serves to associate a name with a number and in doing so, "declare" that a particular number is "intended" for a particular function.

...JRF...
0 Kudos
Reply
HPP
Regular Advisor

тАО05-22-2001 07:58 AM

тАО05-22-2001 07:58 AM

Re: Open and closing of Ports

James Ferguson,
Thanks the quick response. I am clear with it now. BTW, how to close the Dynamics ports from 49152 to 65535?

Thanks

Be Teachable
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО05-22-2001 08:22 AM

тАО05-22-2001 08:22 AM

Re: Open and closing of Ports

Hi:

You can use 'ndd' to set the values of 'tcp_largest_anon_port' and 'udp_largest_anon_port'. These control the automatic assignment of port numbers.

To make this permanent, put the settings in /etc/rc.config.d/nddconf.

...JRF...
0 Kudos
Reply
rick jones
Honored Contributor

тАО05-23-2001 09:28 AM

тАО05-23-2001 09:28 AM

Re: Open and closing of Ports

"closing" a port the way I think you mean to imply it involves making sure that the application opening the socket and binding to that port does not run in the first place.

even if you change the anonymous port range with ndd, apps can still explicitly select port numbers in the entirety of the port number range.

if you are trying to "harden" your system, you might try the "bastion host" paper at http://people.hp.se/stevesk
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.