1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Linux Ports

Discussion in 'Linux' started by SpOonWiZaRd, Feb 14, 2008.

  1. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Joined:
    May 30, 2007
    Messages:
    747
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Network Engineer/Programmer
    Location:
    South Africa

    Introduction



    Linux systems are often used as server computers, or at least they are connected to the internet more or less directly. On such systems, network security is particularly important, because incorrectly configured servers can provide miscreants with a way into your system to do whatever damage they like. One of the first lines of defence against such problems is limiting access by port. In this context a port is a numbered access point for your computer, much like a telephone extension number in a business phone system. Ports are related to sockets, which are programming abstractions of network connection endpoints. Typically you wont deal with sockets per se as a system administrator, though. You can protect access by port in three main ways:

    • By configuring a Firewall
    • By using restrictions built into super servers
    • By disabling servers you are not actively using

    First, though, you must know a bit about ports.

    Common server ports



    Many firewalls and other network security devices operate by blocking or enabling access to specific ports. For instance, a firewall might block outside access to the SSH ports but let through traffic to the SMTP (Simple Mail Transfer Protocol) mail server port. In order to configure a firewall in this way, of course, you must know the port numbers. Linux systems contain a file, /etc/services, that lists service names and the ports with which the are associated. Lines in this file look something like this:
    • ssh 22/tcp # SSH Remote Login Protocol
    • ssh 22/udp # SSH Remote Login Protocol
    • telnet 23/tcp
    • # 24 - private
    • smtp 25/tcp
    The fisrt coloumn contains a service name (ssh, telnet, or smtp in this example). The second coloumn contains the port number and protocol (such as 22/tcp, meaning TCP port 22). Anything following a bash mark (#) is a comment and is ignored. The etc/services file lists port numbers for both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports. Typically, a single service is assigned use of the same TCP and UDP port numbers (as in the ssh service in this example), although in practice most protocols use just one or the other. When configuring a firewall, its generally bets to block both TCP and UDP ports; this ensures that you wont accidently block the wrong port type.

    The following summarizes the port numbers used by the most important protocols run on Linux systems. This list is, however, incomplete; it only hit some of the most common protocols. In fact, even /etc/services is incomplete and may need to be expanded for certain obscure servers. (Their documentation describes how to, if necessary.)

    Port Numbers Used by Some Common Protocols



    Port Number TCP/UDP Protocol
    20 & 21 TCP FTP
    22 TCP SSH
    23 TCP Telnet
    25 TCP SMTP
    53 TCP & UDP DNS
    67 UDP DHCP
    69 UDP TFTP
    80 TCP HTTP
    88 TCP Kerberos
    109 & 110 TCP POPv2 & POPv3
    111 TCP & UDP Port Mapper
    113 TCP auth/ident
    119 TCP NNTP
    123 UDP NTP
    137 UDP NetBIOS Name Service
    138 UDP NetBIOS Datagram
    139 TCP NetBIOS Session
    143 TCP IMAP 2
    161 UDP SNMP
    177 UDP XDMCP
    220 TCP IMAP 3
    389 TCP LDAP
    443 TCP HTTPS
    445 TCP Microsoft DS
    514 UDP Syslog
    515 TCP Spooler
    636 TCP LDAPS
    749 TCP Kerberos Admin
    5800-5899 TCP VNC via HTTP
    5900 TCP VNC
    6000-6099 TCP X (X.org-X11, XFree86)

    One key distinction between TCP/IP ports is that between privileged ports and unprivileged ports. The former have numbers below 1024. Unix and Linux systems restrict access to to privileged ports to root. The idea is that a client can connect to a privileged port and and be confident that the server running on that port was configured by the system administrator and can then be trusted. Well, today we don't trust eachother very much on the internet so that distinction isn't vey useful. Know your ports, believe me it's useful!!
     

Share This Page