Hiding services from port scan

Question

Upon running a port scan on my server:

22/tcp   open  ssh     (protocol 2.0)
80/tcp   open  http    nginx 1.4.6 (Ubuntu)
443/tcp  open  http    nginx 1.4.6 (Ubuntu)

3000/tcp open  ppp?
3001/tcp open  http    Node.js (Express middleware)

Is there a way to disguise that I'm running Node.js on port 3001 or better yet entirely hide port 3000 and 3001?

Node is running behind Nginx --- all traffic should be going over 80/443 so if port 3000/3001 are not publicly accessible, that's fine by me!

I'm running latest Ubuntu 64 bit.

Many thanks for any help on this.

Hi @kasperd no I haven't. Could you explain this to me please? How would this setup work? — Chris, Aug 14 '14 at 11:35
Why don't you just block public access to those ports using iptables? — Vasili Syrakis, Aug 14 '14 at 11:42
@Chris I don't know how to do it in Node.js, but this question might be relevant: http://stackoverflow.com/questions/9986220/bind-expressjs-to-a-specific-ip-address — kasperd, Aug 14 '14 at 13:32
@VasiliSyrakis Simply binding to `localhost` is less error prone than using `iptables`. There are lots of ways to misconfigure `iptables`. — kasperd, Aug 14 '14 at 13:33

score 1 · Answer 1 · answered Aug 14 '14 at 13:12

Configure Node.js to only serve either localhost or 127.0.0.1 like so:

app.listen(3001, 'localhost');

or

app.listen(3001, '127.0.0.1');

and then using either iptables or ufw block public access to the ports 3000 and 3001.

From what I gather that you have a loopback from Nginx to Node.js ports. If so, be careful to allow localhost binding to the 3001/0 ports otherwise all traffic will be blocked.

Hope this helps.

Hiding services from port scan

1 Answers1