Is my Redhat 9 safe with all this ports Open?

[novkhan]

Is my Redhat 9 safe with all this ports Open?

Goodday.

I have a Aztech 4 port router a RH9 behind it.

I did a NMAP on the Router and i got this results:

Interesting ports on
adslXXX.dynXXX.pacific.net.sg (210.24.XXX.XXX.):

(The 1599 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
255/tcp open unknown

Are this ports safe or do i have to close them.

And i did a NMAP scan on my RH9

Interesting ports on (10.0.0.X):
(The 1594 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
139/tcp open netbios-ssn
443/tcp open https
901/tcp open samba-swat
6000/tcp open X11

By the way i have amule running, i wonder if the ports are reflected here.

Please advise on what uncessary port i have to close to secure my PC .
Thanks.
Oh yah... Additional info I am also sharing files between my RH9 and Win 2000.

 

[Nodsu]

Someone move this post to alternative OS or networking and I'll answer..

 

[Nodsu]

Unless you have forwarded the ports 80 and 255 on the router knowingly then those open ports are Very Bad.

Your router should drop everything you haven't explicitly allowed. If your router supports uPnP turn it off! Check for suspicious apps on your computers. If your router is configurable through a web interface, make sure the router only allows configuring from the local network!

As for the ports open on Linux machine.. It is the services you have allowed yourself. None of them are a vulnerability since the default settings of RedHat are rather secure and your router should take care of most attack attempts.

SSH (in the form of sshd running on your machine) is a good and handy thing. Secure SHell is (as the name implies) a secure way to administer your machine remotely.

HTTP (80) and HTTPS (443) are most likely Apache you installed but forgot to disable. If you don't have any plans to run a webserver then just disable the httpd service.

Sun RPC is most likely NFS you installed. You have no use for this since your other machine is Windows and you are already using Samba. Disable the NFS service.

139 is your Samba.

Port 601 is the Web interface to Samba. If you prefer point and click to messing around in smb.conf then leave it running. You router should protect you from any hacking attempts.

Port 6000 is the X server. No way to turn it off unless you are willing to run command line only.

 

[novkhan]

Originally posted by Nodsu
Unless you have forwarded the ports 80 and 255 on the router knowingly then those open ports are Very Bad.

Your router should drop everything you haven't explicitly allowed. If your router supports uPnP turn it off! Check for suspicious apps on your computers. If your router is configurable through a web interface, make sure the router only allows configuring from the local network!

As for the ports open on Linux machine.. It is the services you have allowed yourself. None of them are a vulnerability since the default settings of RedHat are rather secure and your router should take care of most attack attempts.

SSH (in the form of sshd running on your machine) is a good and handy thing. Secure SHell is (as the name implies) a secure way to administer your machine remotely.

HTTP (80) and HTTPS (443) are most likely Apache you installed but forgot to disable. If you don't have any plans to run a webserver then just disable the httpd service.

Sun RPC is most likely NFS you installed. You have no use for this since your other machine is Windows and you are already using Samba. Disable the NFS service.

139 is your Samba.

Port 601 is the Web interface to Samba. If you prefer point and click to messing around in smb.conf then leave it running. You router should protect you from any hacking attempts.

Port 6000 is the X server. No way to turn it off unless you are willing to run command line only.

THANKYOU!

 

[Mictlantecuhtli]

Read also Linux Security Tips