| View previous topic :: View next topic |
| Author |
Message |
EatYourGreens
n00b
Joined: 21 Aug 2002
Posts: 25
Location: Munich, Germany
|
 Posted: Mon Jan 06, 2003 8:59 am Post subject: Why is my port 80 open ? |
 |
|
I recently ran ShieldsUp at grc.com and was surprised to find that it shows port 80 open. I am not running a web server (at least I think I am not). However, I recently found that the directory /home/httpd has been created on my machine containing what looks like a framework web site. I am not 100% sure, but I think this happened when I emerged kdevelop.
I would like to close port 80, as I do not wish to run a web server. Does anybody have any ideas about what is happening?
_________________
Microsoft, the Gates of Hell |
|
| Back to top |
|
 |
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Mon Jan 06, 2003 9:16 am Post subject: |
|
|
lsof should be able to tell you what process has opened that port, and qpkg should tell you what package owns it.
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
EatYourGreens
n00b
Joined: 21 Aug 2002
Posts: 25
Location: Munich, Germany
|
| Posted: Wed Jan 08, 2003 10:23 pm Post subject: |
|
|
Thanks for the reply, rac. It seems that there is always a command to do whatever you need done, but the problem is finding the command.
I tried which I think should list port 80, but this did not give any output. I am wondering now whether my DSL gateway/router has opened port 80, since there is a way it can be configured by a machine on the internet side (although I do not have this function enabled)
_________________
Microsoft, the Gates of Hell |
|
| Back to top |
|
|
darktux
Veteran
Joined: 16 Nov 2002
Posts: 1086
Location: Coimbra, Portugal
|
| Posted: Wed Jan 08, 2003 10:26 pm Post subject: |
|
|
fuser 80/tcp (as root) to see the process that's opening that port.
If nothing shows up, then nmap your router 
_________________
Lego my ego, and I'll lego your knowledge
www.tuxslare.org - My reborn website  |
|
| Back to top |
|
|
OdinsDream
Veteran
Joined: 01 Jun 2002
Posts: 1057
|
| Posted: Thu Jan 09, 2003 12:54 am Post subject: |
|
|
| What about your startup scripts? Check in /etc/runlevels for what's running at boot. Try emerge -s apache and see if it's installed. |
|
| Back to top |
|
|
Rihkama
n00b
Joined: 16 May 2002
Posts: 21
Location: Finland
|
| Posted: Thu Jan 09, 2003 6:47 am Post subject: |
|
|
| Some routers (like mine Telewell EA-701B ADSL-router) provides web control panel so you might check your router's configuration too. |
|
| Back to top |
|
|
EatYourGreens
n00b
Joined: 21 Aug 2002
Posts: 25
Location: Munich, Germany
|
| Posted: Thu Jan 09, 2003 6:13 pm Post subject: |
|
|
Thanks for all the suggestions. I cannot find any application running that claims to be using port 80. emerge -s apache says not installed. fuser 80/tcp doesn't return anything. ls /etc/runlevels/boot returns alsasound checkfs clock hostname localmount net.lo serial bootmisc checkroot consolefont keymaps modules rmnologin urandom. I am not sure what most of these do, but none of them look like a webserver to me.
I have a Belkin F5D6230-3 router that allows me to designate one external ip address (or all external ip addresses) that can configure the router, but I have not enabled it. I guess it's possible that the router opens the port even though I have disabled remote admin.
I am not too concerned, now that I know there is nothing running on my gentoo box listening on port 80, but it does seem strange that the router would advertise its presence on port 80, when it will reject any connection attempts.
_________________
Microsoft, the Gates of Hell |
|
| Back to top |
|
|
OdinsDream
Veteran
Joined: 01 Jun 2002
Posts: 1057
|
| Posted: Thu Jan 09, 2003 7:09 pm Post subject: |
|
|
| EatYourGreens wrote: | Thanks for all the suggestions. I cannot find any application running that claims to be using port 80. emerge -s apache says not installed. fuser 80/tcp doesn't return anything. ls /etc/runlevels/boot returns alsasound checkfs clock hostname localmount net.lo serial bootmisc checkroot consolefont keymaps modules rmnologin urandom. I am not sure what most of these do, but none of them look like a webserver to me.
I have a Belkin F5D6230-3 router that allows me to designate one external ip address (or all external ip addresses) that can configure the router, but I have not enabled it. I guess it's possible that the router opens the port even though I have disabled remote admin.
I am not too concerned, now that I know there is nothing running on my gentoo box listening on port 80, but it does seem strange that the router would advertise its presence on port 80, when it will reject any connection attempts. |
It's most likely your router's port, and it's probably automatically opened to allow administration via the web. If you're asking an external site (like grc) to check your computer, it's not going to be able to penetrate beyond your router. For a more accurate check, try running nmap -sS <your computer's IP> from inside your network. This should provide you with more accurate information. |
|
| Back to top |
|
|
|
Networking & Security
