Ubuntu 9.04: Why is IPP(TCP 631) open and how do I disable it?

ubuntu

Solution 1:

CUPS, which is part of the Linux Standard Base, is enabled. To stop the service:

sudo /etc/init.d/cupsys stop

To disable it from startup:

update-rc.d -f cupsys remove
update-rc.d cupsys stop 20 2 3 4 5 .

Solution 2:

Another way to stop this print server is to open a terminal shell ctrl + alt + t and type sudo service cups stop

This will stop the server and close the port, but it will restart on a reboot. You could also restart or start the service this way simply substituting restart or start where stop is in the command. :D

Solution 3:

Don't disable it, this is your printer!

To enable it again you can add port TCP 631 to your Firewall. Just type 631 in the Firewall.

More info at the Ubuntu Forums:

Thank you ! I have just deleted the port 631/tcp from FIREWALL because Facebook disconnected me alone wich gave me suspicions. So this was my printer !!! So just I'll just add again ALLOW IN TCP 631 inside my FIREWALL.

Solution 4:

Ubuntu 9.04 has "no open ports" by policy.

https://wiki.ubuntu.com/Security/Features/Historical

https://wiki.ubuntu.com/Security/Features/Historical#ports

Testing for this can be done with netstat -an --inet | grep LISTEN | grep -v 127.0.0.1: on a fresh install.

(This covers ipv4. A different command is needed for ipv6).

I believe you will find a new install of Ubuntu is listening on the address 127.0.0.1, which is only accessible from your own computer. If you scan e.g. nmap localhost, this will find the localhost IPP listener. But, if you scan the IP address of your network interface, you will not find any listener. To find the IP address of your network interface, you can run ifconfig, for example my current IP address is 172.16.1.8:

$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.1.8  netmask 255.255.255.0  broadcast 172.16.1.255
        inet6 fd5e:fcf3:b885:10:250:43ff:fe01:c0ab  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::250:43ff:fe01:c0ab  prefixlen 64  scopeid 0x20<link>
        ether 00:50:43:01:c0:ab  txqueuelen 1000  (Ethernet)
        RX packets 15144365  bytes 1999269267 (1.8 GiB)
        RX errors 3  dropped 3  overruns 0  frame 0
        TX packets 13871393  bytes 725196571 (691.6 MiB)
        TX errors 0  dropped 4712 overruns 0  carrier 0  collisions 0
        device interrupt 35  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 3626080  bytes 405627539 (386.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3626080  bytes 405627539 (386.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Solution 5:

If you scan from that machine, like:

nmap localhost

It will show the ipp port but if you scan that same machine from any other machine there really are not any open ports, like:

nmap foobar.com

So while it looks like something to worry about, it is not really anything to worry about.

Related

How to recover a VMware virtual machine
What is "Disable class based route addition" good for?
How was the first compiler compiled?
Cygwin/Git Bizarre Terminal Issue
Setting differing ACLs on directories and files
Recycle bin on substed drives
Does Skype automatically save chat history to the cloud?
How to logon to a non-domain computer from one in a domain
Why uTorrent doesn't respect upload limit?
reverse history search with regular expressions
Multimarkdown table formatting in Vim
How to list files sorted by owner in Unix?