I just portscanned my system with nmap and got the following result:
PORT STATE SERVICE
25/tcp open smtp
631/tcp open ipp
What are these services and how do I disable them? I probably don't need them.
Port 25 is, as your post already says, SMTP. This means there is a mailserver installed and listening to requests on your port 25. This is quite unusual on a desktop computer, probably happened accidentally while installing another program that sends emails.
Port 631 is the port for CUPS, the printer driver software. This is quite usual as it comes with the default installation. If you configure your computer for sharing printers, port 631 will always be open to the other computers, so they can use the printer.
If you want to find out which exact program is responsible for an open port, type:
sudo fuser -v 25/tcp
replacing 25 in the example with your desired port. This should tell you which program is running.
From then on, you have several possibilities. First, you can just uninstall the corresponding program, in this case the mailserver that's running. Second, if you want to keep the program, you could try just stopping the service, like so:
sudo stop exim4
Please note that YMMV here, as different programs use different filenames for their services and could be started in a totally different way.
Also, please note that scanning your computer from itself will reveal ports that are open only on localhost. Those are closed to the outside but need to be open to localhost, like Cups. This does not pose a security risk.
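To check the localhost-only point made in the answer above, the following added example (not part of the original thread) classifies each listening TCP socket in `ss -H -ltn` output as loopback-only or network-reachable. The sample input is constructed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by bind address.
# Live use (assumes iproute2's ss is installed):  ss -H -ltn | classify_listeners

# Constructed sample of `ss -H -ltn` output, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 100      127.0.0.1:25        0.0.0.0:*
LISTEN 0 128      127.0.0.1:631       0.0.0.0:*
LISTEN 0 128          [::1]:631          [::]:*
LISTEN 0 128        0.0.0.0:22        0.0.0.0:*
LISTEN 0 128           [::]:22           [::]:*
EOF
}

# Reads ss output on stdin, prints "<port>/tcp <scope> <bind address>".
classify_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)          # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)      # text before the last colon
        sub(/%.*$/, "", host)                    # drop an interface suffix such as %lo
        if (host ~ /^127\./ || host == "[::1]")
            scope = "loopback-only"              # nmap from another machine will not see it
        else
            scope = "network-reachable"          # 0.0.0.0, [::], * or a specific interface address
        print port "/tcp", scope, host
    }'
}

sample_ss_output | classify_listeners
```

Ports reported as network-reachable are the ones a firewall rule or a service removal actually affects from the outside.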
Your best bet generally is to run a firewall from day one -
sudo ufw enable
Conversely, this will mean that you will install services, forget a firewall is running and wonder why nothing is working!
Add smtp by simply typing sudo ufw allow in smtp
(for example). Do man ufw
for further useful examples.
You can also modify the firewall graphically:
sudo apt-get install gufw
then run the firewall manager from System/Administration/Firewall.
Those two services are your cups service for printer management and printing over the network. Did you enable network printing or did you find this was the case by default?
If you don't need a certain service just uninstall it, so it can't be re-enabled in the background or use an outgoing connection.
sudo apt-get remove --purge exim4 cups-daemon brltty
exim4 removes support for outgoing mail (just use the smtp of your isp), cups-daemon removes printing support and brltty is only useful for people with impaired vision.
You can also install bum (BootUp-Manager), maybe you find some more services you want to disable ... I don't have a scanner for example!
sudo apt-get install bum
Blocking unused services with a firewall is a waste of resources.
sudo exim stop – karthick87 Dec 29 '10 at 18:16
sudo update-rc.d -f cups remove and to re-enable: sudo update-rc.d cups defaults – Florian Heinle Dec 29 '10 at 20:34