Can't close port 389

 
 
Ethan Trewhitt
Guest
Posts: n/a

 
      04-03-2004, 03:23 PM
When I run an external portscan of my Linux box, port 389 is open. Yet it
doesn't show up in netstat -na, and iptables should be blocking it. I'm
using 7th Sphere to portscan from a Windows box, and it says "389: CONNECT"
just like it does for all other open ports. Iptables is blocking every other
open port like it should, but somehow this one still seems open. I can't
even find the process that owns it using netstat because netstat doesn't
list it as a listened port.

Oh, and it's not a forwarded port using iptables, either.

Redhat 7.3, kernel 2.4.20-20.7

--
eth'nT
http://www.hydrous.net
aim: courtarro


 
Jan Geertsma
Guest
Posts: n/a

 
      04-03-2004, 04:04 PM
stop the ldap service
/etc/init.d/ldap stop

"Ethan Trewhitt" <(E-Mail Removed)> wrote in message
news:c4mktt$duj$(E-Mail Removed)...
> When I run an external portscan of my Linux box, port 389 is open. Yet it
> doesn't show up in netstat -na, and iptables should be blocking it. I'm
> using 7th Sphere to portscan from a Windows box, and it says "389: CONNECT"
> just like it does for all other open ports. Iptables is blocking every other
> open port like it should, but somehow this one still seems open. I can't
> even find the process that owns it using netstat because netstat doesn't
> list it as a listened port.
>
> Oh, and it's not a forwarded port using iptables, either.
>
> Redhat 7.3, kernel 2.4.20-20.7
>
> --
> eth'nT
> http://www.hydrous.net
> aim: courtarro
>
>



 
John Thompson
Guest
Posts: n/a

 
      04-03-2004, 06:18 PM
On 2004-04-03, Jan Geertsma <(E-Mail Removed)> wrote:

> "Ethan Trewhitt" <(E-Mail Removed)> wrote in message
> news:c4mktt$duj$(E-Mail Removed)...
>
>> When I run an external portscan of my Linux box, port 389 is open. Yet it
>> doesn't show up in netstat -na, and iptables should be blocking it. I'm
>> using 7th Sphere to portscan from a Windows box, and it says "389: CONNECT"
>> just like it does for all other open ports. Iptables is blocking every
>> other open port like it should, but somehow this one still seems open. I
>> can't even find the process that owns it using netstat because netstat
>> doesn't list it as a listened port.


> stop the ldapservice
> /etc/init.d/ldap stop


Why not just block the port on the external interface?

iptables -A INPUT -i $IFACE -p tcp --dport 389 -j REJECT
iptables -A INPUT -i $IFACE -p udp --dport 389 -j REJECT

Where $IFACE holds the name of your external interface.

That way you can continue to use LDAP on your internal network and keep the
service invisible to the outside network.

--

-John ((E-Mail Removed))
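
Added example, not part of any post in this thread: iptables acts on the first matching rule and `-A` appends to the end of the chain, so a REJECT added as above has no effect if an earlier ACCEPT already matches port 389. The script below reports which INPUT rule decides such a packet; it assumes `iptables -S INPUT` output, and the rule listings, the interface names `eth0`/`eth1` and the function names are constructed for illustration.

```sh
# Added example, not from the thread. Reads `iptables -S INPUT` output on stdin
# and prints the first INPUT rule that decides a packet on IFACE for PROTO/DPORT.
# Only -i, -p, --dport, -j are interpreted; other matches are printed as "maybe".
first_verdict() {   # usage: first_verdict IFACE PROTO DPORT < rules
    awk -v ifc="$1" -v proto="$2" -v port="$3" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }   # used if no rule decides
    $1 != "-A" || $2 != "INPUT" { next }
    {
        hit = 1; cond = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "!")            { cond = 1; i += 2 }   # negation: not evaluated
            else if ($i == "-i")      { i++; if ($i != ifc) hit = 0 }
            else if ($i == "-p")      { i++; if ($i != proto) hit = 0 }
            else if ($i == "--dport") {
                i++; n = split($i, r, ":"); lo = r[1] + 0   # single port or lo:hi
                hi = (n > 1 ? r[2] : r[1]) + 0
                if (port + 0 < lo || port + 0 > hi) hit = 0
            }
            else if ($i == "-j")      { i++; target = $i }
            else if ($i == "-m" && ($(i + 1) == "tcp" || $(i + 1) == "udp")) { i++ }
            else if ($i == "--reject-with") { i++ }
            else { cond = 1 }          # e.g. -s, -m state: may or may not apply
        }
        if (!hit || target == "") next
        if (target !~ /^(ACCEPT|DROP|REJECT)$/) cond = 1   # LOG, user chains
        if (cond) { print "maybe " target " line " NR; next }
        print "first " target " line " NR; done = 1; exit
    }
    END { if (!done) print "policy " policy }'
}
# Constructed listing: REJECT appended with -A, after a broad ACCEPT.
sample_appended() { cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1:1023 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 389 -j REJECT --reject-with icmp-port-unreachable
EOF
}
# Constructed listing: same rules with the REJECT ahead of the broad ACCEPT.
sample_inserted() { cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 389 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1:1023 -j ACCEPT
EOF
}
sample_appended | first_verdict eth0 tcp 389    # first ACCEPT line 3
sample_inserted | first_verdict eth0 tcp 389    # first REJECT line 3
```

On a live system, pipe `iptables -S INPUT` into `first_verdict` with the external interface name; if an ACCEPT wins, place the REJECT earlier with `iptables -I INPUT` instead of `-A`.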
 