tcp Ports 53 and 631

[bhubunt]

Hi,
I typed the cd ss -lntu into the terminal and noticed tcp port 53 and tcp 631 are open, listening. Both are potential liabilities, it seems. Port 631 is for cups, which I don't use.

How can I block port 631 in ufw and why do I need port 53. What happens if you block it?

[currentshaft]

Hi,
I typed the cd ss -lntu into the terminal and noticed tcp port 53 and tcp 631 are open, listening. Both are potential liabilities, it seems. Port 631 is for cups, which I don't use.

How can I block port 631 in ufw and why do I need port 53. What happens if you block it?

Use "sudo lsof -Pni" to see which processes are listening on those ports.

Port 53 is most likely used by your local domain resolver agent. If you don't use cups, you can simply uninstall it with apt.

However, there is virtually no risk in having either of these ports exposed, because they are most likely bound to localhost in the first place.

[ActionParsnip]

If you don't print then you can stop and disable the cups service. I do this myself. Printing is something I never do

[bhubunt]

I have uninstalled cups several times but it keeps coming back. I also receive updates through the Ubuntu Software Updater.

If you don't print then you can stop and disable the cups service. I do this myself. Printing is something I never do

[bhubunt]

Use "sudo lsof -Pni" to see which processes are listening on those ports.

Port 53 is most likely used by your local domain resolver agent. If you don't use cups, you can simply uninstall it with apt.

However, there is virtually no risk in having either of these ports exposed, because they are most likely bound to localhost in the first place.

Uninstalling Cups doesn't work.

[Rubi1200]

Start by showing the output of this command:

Code:

sudo systemctl status cups

If the service is running, stop it like this:

Code:

sudo systemctl stop cups

If you want to prevent it from running at startup, do this:

Code:

sudo systemctl disable cups

If you want to also prevent it from being manually started, use this command:

Code:

sudo systemctl mask cups

Not sure why you are going to so much effort to get rid of it when 3 commands can stop and disable the service.

The output of the command currentshaft asked for would have been helpful.

[bhubunt]

Start by showing the output of this command:

Code:

sudo systemctl status cups

Here you go: please explain what you see in the code below. It says cups is running, but what about the scheduling? Why is the scheduling active?
I'd appreciate it if you could unpack what you see

Code:

cups.service - CUPS Scheduler
     Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: >
     Active: active (running) since Thu 2024-05-16 21:06:35 CEST; 32min ago
TriggeredBy: ● cups.socket
             ● cups.path
       Docs: man:cupsd(8)
   Main PID: 1185 (cupsd)
     Status: "Scheduler is running..."
      Tasks: 4 (limit: 4385)
     Memory: 8.6M
        CPU: 117ms
     CGroup: /system.slice/cups.service
             ├─1185 /usr/sbin/cupsd -l
             ├─1307 /usr/lib/cups/notifier/dbus dbus:// ""
             ├─1308 /usr/lib/cups/notifier/dbus dbus:// ""
             └─1312 /usr/lib/cups/notifier/dbus dbus:// ""

Mai 16 21:06:34 XXX-ThinkPad-X240 systemd[1]: Starting CUPS Scheduler...
Mai 16 21:06:35 XXX-ThinkPad-X240 systemd[1]: Started CUPS Scheduler.

[The Cog]

Here you go: please explain what you see in the code below. It says cups is running, but what about the scheduling? Why is the scheduling active?
I'd appreciate it if you could unpack what you see

It's being scheduled because the service is enabled - you can see it's enabled on the Loaded line.

But cups only listens on on the loopback address, so it's not accessible from over the network. I'm not sure how much would stop working if you stopped it. Probably printing of any sort would stop, even print to a usb printer or print to PDF. Cups is the system print spooler.

Code:

~$ sudo ss -lntup | awk 'NR==1||/cups/'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess                                   
udp   UNCONN 0      0            0.0.0.0:631        0.0.0.0:*    users:(("cups-browsed",pid=1126,fd=7))   
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*    users:(("cupsd",pid=809,fd=7))           
tcp   LISTEN 0      128            [::1]:631           [::]:*    users:(("cupsd",pid=809,fd=6))

But notice there is also a cups-browsed process listening on UDP 631. This is listening on all addresses, for printer advertisements from remote printers. Although I think the risk is low, you may want to disable this service. I wouldn't uninstall it though - it doesn't take up much space and you may find you want it one day.

Code:

sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed

[bhubunt]

Can you pls explain what you mean in the following line:

This is listening on all addresses, for printer advertisements from remote printers.

[The Cog]

Can you pls explain what you mean in the following line:

This is listening on all addresses, for printer advertisements from remote printers.

It's listening on udp 0.0.0.0:631. That's UDP protocol port 631 - suitable single messages like just announcing the existence of an available printer. And 0.0.0.0 means listening on all interfaces and for any destination address. These adverts are usually broadcast rather than directed to a single destination address anyway, but if the computer receives the packet then it will be processed and the browser daemon will note that another printer is available for use.

It's like the printer occasionally shouts out "Hey everybody, I'm a printer and I'm here if you want me.". A single packet addressed to a broadcast address, meaning all devices on the local network.