Hi,

I ran the LiveCD of Fedora SecurityLab and noticed these ports open, 111,631, 34526.

How can I close them and what runs behind them. I know 111 is rpcbind, 631 ipp and 34526 is unknown.



Thanks.

Shut down CUPS, RPC and any related services. 34526 is an ephemeral port so you won't find it with 'getent services 34526' but 'lsof -Pwni :34526' should if in use (using 'netstat -antupe|grep 34526' being as convoluted as 'ps|grep' or 'cat|less'). You should also raise your firewall to only allow any traffic you need (SPOF) and use "-j LOG" target rules where necessary for auditing purposes.

Yea but it runs of the standard cd, without or before having modified anything.

But how can I shut down RPC and CUPS in the meantime?

Hi,

To shut down until next reboot: "service cups stop" (as root user in terminal), same for RPC (service name is "portmap").

To disable permanently, in a root terminal open "ntsysv", then remove the checks for these services.

WWell,

Thanks I found it.

And its rpcbind not portmapd. But thanks assen that helped.