Ubuntu Open Ports
You can get a list of ports from the file called /etc/services
cat /etc/services | grep 137 (example)
Example
What ports need to be open for Samba to communicate
netbios-ns - 137 # NETBIOS Name Service
netbios-dgm - 138 # NETBIOS Datagram Service
netbios-ssn - 139 # NETBIOS session service
microsoft-ds - 445 # if you are using Active Directory
Run this command:
netstat -anltp | grep "LISTEN"
The typical web server which runs FTP, SSH, and MySQL will have output like:
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 21432/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4090/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7213/sshd
tcp6 0 0 :::21 :::* LISTEN 19023/proftpd
tcp6 0 0 :::22 :::* LISTEN 7234/sshd
Your question is quite broad, and "secure" is relative.
When you install a server, and open a port, there are always going to be potential vulnerabilities.
When you install a server (ssh, samba), and start the server (they usually start by default when you boot), you open a port.
With each server (ssh, samba, http) there are configuration changes you can make to increase security.
For ssh this could include using keys (and disabling passwords), tcpwrapper, a firewall, etc.
When using a firewall there are 3 broad strategies:
1) Allow all and black list bad acting IPs. An example of this would be http. In general you run http as a public server, allow all IPs, and black list those who spam your server.
2) Deny all and allow a white list. An example of this would be ssh.
3) Limit. Sometimes you limit the rate of a connection or # pings / second.
Hope that gets you started, you might want to see
https://help.ubuntu.com/11.10/serverguide/C/index.html
https://help.ubuntu.com/community/Security
Or ask a specific question about a specific server.
"filtered" doesn't necessarily equate to an open port on the target host.
In fact, it might mean nothing at all.
If, for example, there is a firewall in between wherever you're running nmap and the target, and that firewall is actively filtering out port 5000, then 5000 will appear as "filtered" in your list, without the target host ever seeing any traffic to that port - so whether or not the port is open on the target becomes utterly irrelevant.
For a definitive list of open ports on a server, try:
sudo netstat -lnp --tcp --udp
-l : only show listening ports
-n : don't bother looking up DNS hostnames
-p : show which processes have the port open
--tcp : show tcp ports
--udp : show udp ports
You could omit --tcp and --udp, but then you'll get quite a lot of irrelevant local filesystem socket info which is inaccessible over a network.
sudo is required for -p to work properly, or it will just print - for any process not owned by your user.
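
Added example, not part of the original answers: a small shell filter that reads the netstat output discussed above and separates listeners bound only to loopback (like the mysqld row) from those bound to addresses other hosts can reach. The function names and the header, ESTABLISHED and UDP sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input format: `sudo netstat -lnp --tcp --udp` (or the
# `netstat -anltp` form). "exposed" means bound to a non-loopback address;
# a firewall in front of the host may still block the port.

# Print "<scope> <proto> <port> <pid/program>" for each listening socket.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows have a State column; UDP listeners leave it empty,
        # so the PID/Program field shifts one column to the left.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; proc = $7 }
        else             { proc = $6 }
        if (proc == "") proc = "-"
        # The port follows the last colon, which also handles ":::22".
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        print scope, $1, port, proc
    }'
}

# Sample input: the five TCP rows shown on this page, plus a header, an
# ESTABLISHED row and a UDP row that are constructed for illustration.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State       PID/Program name
tcp   0 0 127.0.0.1:3306 0.0.0.0:*        LISTEN      21432/mysqld
tcp   0 0 0.0.0.0:80     0.0.0.0:*        LISTEN      4090/apache2
tcp   0 0 0.0.0.0:22     0.0.0.0:*        LISTEN      7213/sshd
tcp6  0 0 :::21          :::*             LISTEN      19023/proftpd
tcp6  0 0 :::22          :::*             LISTEN      7234/sshd
tcp   0 0 192.0.2.10:22  198.51.100.7:51514 ESTABLISHED 7301/sshd
udp   0 0 0.0.0.0:68     0.0.0.0:*                    1502/dhclient
EOF
}

# Show only the listeners reachable from other hosts.
exposed_listeners() { classify_listeners | awk '$1 == "exposed"'; }

sample_netstat | exposed_listeners
```

On a real host, pipe the live command in instead of the sample: sudo netstat -lnp --tcp --udp | exposed_listeners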