One of the first things you learn as a system administrator is that programs (applications, scripts) open TCP connections to communicate with other devices. This can also be a problem: some exploits and backdoors open a new listening port on the machine, which can cause serious trouble.
However, there is a very simple way to find out which programs opened TCP ports on your machine:
netstat -tlnp
You may see that some ports are open on 0.0.0.0 (or ::, its IPv6 equivalent) – this means they are listening on ALL network interfaces, so they are reachable from every network the machine is connected to.
Other applications are listening only on 127.0.0.1 (or ::1) – this means they accept connections only from the local machine.
As a general principle, bind each service only to the interfaces and networks that actually need to reach it, and check the list regularly for a listener you do not recognise.
[root@bubble ~]# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5349/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      3959/named
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2773/smtpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      16507/nginx
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      20722/snmpd
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      2363/php-fpm
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      28984/vsftpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16507/nginx
tcp        0      0 108.166.185.123:53      0.0.0.0:*               LISTEN      3959/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      3959/named
tcp        0      0 :::22                   :::*                    LISTEN      5349/sshd
tcp        0      0 ::1:953                 :::*                    LISTEN      3959/named
tcp        0      0 :::3306                 :::*                    LISTEN      31184/mysqld
tcp        0      0 :::8080                 :::*                    LISTEN      19340/httpd
Yes, I know, not very intuitive, but trust me, it is very powerful.
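To make the listing easier to review on a busy host, here is a small shell helper, added as an example (it is not part of the original post): it parses `netstat -tlnp` output and separates listeners bound to every interface (0.0.0.0 or ::) from those bound to loopback or to one specific address. The sample input embedded below is constructed to mirror a subset of the listing above; the function names `classify_listeners` and `exposed_listeners` are my own.

```shell
#!/bin/sh
# Added example, not from the original post.
# Classifies TCP listeners from `netstat -tlnp` by bind address scope and
# reports the ones bound to all interfaces (the ones worth a second look).

# Constructed sample, mirroring part of the listing in the post.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5349/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2773/smtpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      16507/nginx
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      2363/php-fpm
tcp        0      0 108.166.185.123:53      0.0.0.0:*               LISTEN      3959/named
tcp        0      0 :::22                   :::*                    LISTEN      5349/sshd
tcp        0      0 :::3306                 :::*                    LISTEN      31184/mysqld
tcp        0      0 :::8080                 :::*                    LISTEN      19340/httpd'

# Reads netstat output on stdin, prints one line per LISTEN socket:
#   <scope> <port> <program> <bind address>
# scope is "wildcard" for 0.0.0.0 / ::, "local" for 127.0.0.1 / ::1,
# and "iface" for a socket bound to one specific address.
classify_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        # The port is everything after the last ":"; the address is the rest.
        # Works for "0.0.0.0:22" as well as IPv6 forms like ":::22" and "::1:953".
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::")          scope = "wildcard"
        else if (addr == "127.0.0.1" || addr == "::1")  scope = "local"
        else                                            scope = "iface"
        prog = $7
        sub(/^[0-9]+\//, "", prog)   # strip the "PID/" prefix from "5349/sshd"
        print scope, port, prog, addr
    }'
}

# Only the wildcard listeners, as "port/program", de-duplicated so a service
# bound on both 0.0.0.0 and :: (sshd above) is reported once.
exposed_listeners() {
    classify_listeners | awk '$1 == "wildcard" { print $2 "/" $3 }' | sort -u
}

# On a live system run:  netstat -tlnp | exposed_listeners
echo "$SAMPLE_NETSTAT" | exposed_listeners
```

Anything this prints is reachable from every network the host sits on, so each entry should be either intentionally public or moved to a loopback or interface-specific bind (and, ideally, also blocked by the host firewall).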