Security Stuff!!
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode
  1. Hamza Megahed
  2. /
  3. NMAP
  4. /
  5. Nmap 2

Nmap 2

Let’s try using nmap to scan and how to use it to stop unused services (attackers could use these services) by using command nmap -sS localhost to scan my computer

Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-28 00:51 EEST  
Interesting ports on example (127.0.0.1):  
Not shown: 996 closed ports  
PORT     STATE SERVICE  
25/tcp   open  smtp  
111/tcp  open  rpcbind  
631/tcp  open  ipp
80/tcp   open  http  

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

we see here 4 ports we 4 services on my computer, want to get more information about these services 
1- SMTP using port 25 if it not use on your computer, shut it down by stopping its daemon(exim4 or postfix) by command /etc/init.d/postfix stop
let’s start scanning again nmap -sS localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-28 00:51 EEST  
Interesting ports on example (127.0.0.1):  
Not shown: 996 closed ports  
PORT     STATE SERVICE  
111/tcp  open  rpcbind  
631/tcp  open  ipp
80/tcp   open  http

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

SMTP it gone
2- rpcbind  let’s see what is that 
/etc/services | grep 111

sunrpc        111/tcp        portmapper    # RPC 4.0 portmapper  
sunrpc        111/udp        portmapper 

and try another netstat -ntlp | grep 111

tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2419/portmap

LISTEN it’s active and waiting ,so let’s stop portmap daemon /etc/init.d/portmap stop  scanning again nmap -sS localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-28 00:51 EEST  
Interesting ports on example (127.0.0.1):  
Not shown: 996 closed ports  
PORT     STATE SERVICE  
631/tcp  open  ipp
80/tcp   open  http

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds  

portmap is gone too 
3- ipp
cat /etc/services | grep 631

ipp        631/tcp                # Internet Printing Protocol  
ipp        631/udp 

and try another netstat -ntlp | grep 631

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1197/cupsd   

LISTEN it’s activated ,let’s shut it down /etc/init.d/cups stop
scanning again nmap -sS localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-28 00:51 EEST  
Interesting ports on example (127.0.0.1):  
Not shown: 996 closed ports  
PORT     STATE SERVICE
80/tcp   open  http

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds   

it’s better now (if you want to shutdown HTTP, just shut down its daemon apache.

Note: I used here /etc/init.d/ to stop and start daemons, another distro of linux may be different such as redhat or centos /sbin/service httpd start to start apache server or (http).