Consernerd with some open ports

[Monarch]

Hello you All im here Coz i am conserned with some open Ports in my system and i wonder if some one Can help me ou with them i have tried everithing included Blocking this ports on the firewall But i ddint add sucess this are the ports that are open on my laptop if some one knows What i can do to block them or close them For ever Please Let me know this are my Netstat -ant

Special atention to the port number 50359 "ESCUTA Means LISTEN"

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:631 0.0.0.0:* ESCUTA
tcp 0 0 0.0.0.0:50359 0.0.0.0:* ESCUTA
tcp 0 0 88.210.73.177:57303 209.85.227.165:80 ESTABELECIDO
tcp 0 0 88.210.73.177:35294 209.85.227.154:80 ESTABELECIDO
tcp 0 0 88.210.73.177:35291 209.85.227.154:80 ESTABELECIDO
tcp 0 0 88.210.73.177:57301 209.85.227.165:80 ESTABELECIDO
tcp 0 0 88.210.73.177:57304 209.85.227.165:80 ESTABELECIDO
tcp 0 0 88.210.73.177:57306 209.85.227.165:80 ESTABELECIDO
tcp6 0 0 :::139 :::* ESCUTA
tcp6 0 0 ::1:631 :::* ESCUTA
tcp6 0 0 :::445 :::* ESCUTA

[DrHu]

Hello you All im here Coz i am conserned with some open Ports in my system...
Special atention to the port number 50359 "ESCUTA Means LISTEN"

Which application that you have installed requires port 50359 ? and is it a Linux connection or a window connection ?

http://www.mysql-apache-php.com/importa ... _ports.htm
port numbers..

http://www.cyberciti.biz/tips/linux-dis ... owner.html
http://www.cyberciti.biz/faq/how-do-i-f ... sd-server/
http://blogs.techrepublic.com.com/security/?p=443

Your list

Code: Select all

]tcp 0 0 88.210.73.177:57303 209.85.227.165:80 ESTABELECIDO
tcp 0 0 88.210.73.177:35294 209.85.227.154:80 ESTABELECIDO
tcp 0 0 88.210.73.177:35291 209.85.227.154:80 ESTABELECIDO 

--example 209.85.227.154:80. http access port 80, normal web receiver port, unless you have something to worry about
Are you running a web server on your system

• http://ws.arin.net/whois/?queryinput=88.210.73.177
  http://en.wikipedia.org/wiki/RIPE
  http://www.ripe.net/
  --that's Ripe, you use the Ripe network ?
  http://ws.arin.net/whois/?queryinput=209.85.227.165
  --that's google

If you use Firefox, you can use the addon customize google to prevent click tracking
--plus various other browser tweaks to eliminate cookies, history etc
--also install bleachbit, chkrootkit and rkhunter
bleachbit to clean history, thumbnails (images or ad pictures viewed), cache of browsers etc
chkrootkit to check for rootkits on the OS
rkhunter same reason..

I am also using an /etc/hosts file to block unwanted advertising or Mal-ware sites like doubleclick

• /etc/hosts
  127.0.0.1 stats.adobe.com
  127.0.0.1 goog-phish-shavar
  127.0.0.1 goog-malware-shavar

By pointing to 127.0.0.1 for a domain name or a web site address, any data transfer is blocked to that site, since it can't read 127.0.0.1 (the localhost name) on the Internet as a valid web site
http://www.mvps.org/winhelp2002/hosts.htm


This is mine

Code: Select all

netstat -aNt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:ipp           0.0.0.0:*               LISTEN     
tcp6       0      0 ::1:ipp                 :::*                    LISTEN     

You can harden a Linux system, if this applies to your situation by installing other applications, such as apparmour
http://developer.novell.com/wiki/index. ... l_AppArmor
http://ubuntuforums.org/showthread.php?t=1008906
--available in repository
on terminal, check

• apt search apparmor
  p apparmor - User-space parser utility for AppArmor
  p apparmor-docs - Documentation for AppArmor
  p apparmor-profiles - Profiles for AppArmor Security policies
  p apparmor-utils - Utilities for controlling AppArmor

http://www.debian.org/doc/manuals/secur ... ian-howto/
http://www.linuxsecurity.com/docs/harde ... ep.en.html

• in order to do a service hardening, make a list of services currently awake in your system.
  $ ps -aux
  $ netstat -pn -l -A inet
  # /usr/sbin/lsof -i | grep LISTEN

security auditing software..
http://almosteffortless.com/2009/05/15/ ... ian-lenny/

[mick55]

Hi

Port 445 is Microsoft Directory Services
Port 139 is Windows NetBIOS
Port 631 is IPP (Internet Printing Protocol)
127.0.0.1 and 0.0.0.0 are loopback addresses being
used by your firewall.
209.85.227.165 is Google.com

There's really nothing at all unusual about
your configuration.

If you want to permanently close ports 139 and 445
you have to modify the registry.

Are you really sure you want them closed

[Monarch]

Which application that you have installed requires port 50359 ? and is it a Linux connection or a window connection ?

Hello ther i really dont know What aplication is using that port if i knew i would delete it i have instaled avira under Mint yes this is under linux
And Avira is not detecting virus or malware or rootkits i am familiarized with ports and theyr services under windows they are not diferent here what is conserning me is that this kinda of ports are always related to virus.....
Im not used to Linux this is something new to me so im going ahead to see if your advices fix my problem.

[Monarch]

DrHu just found The Problem with one of the commands you show me over ther "sudo netstat -pn -l -A inet "

the program using that port i Avira lol i ddint knew this im sorry for the confusion and thanks for the tips
i realy apreciate it many thanks if is ther somethig i can do for you let me know

$ sudo netstat -pn -l -A inet
Ligações de Internet Activas (só servidores)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* ESCUTA 3081/cupsd
tcp 0 0 0.0.0.0:50359 0.0.0.0:* ESCUTA 2601/avgu_stats