Are the following open ports a danger?
Ted Potter
tpotter at techmarin.com
Tue Aug 10 07:38:32 UTC 2004
funny with his ip address how can he get to the internet ?
and it looks like he is running nmap from the same machine.
I would guess he is behind a nat router that includes a firewall.
Try running the scan at http://www.grc.com and see what ip address they
report you using. Bet it is not 192.168.1.1
On Mon, 2004-08-09 at 23:14, Graeme Nichols wrote:
> Chris Hewitt wrote:
>
> > On Mon, 2004-08-09 at 04:16, Graeme Nichols wrote:
> >
> >>Hello Folks, I have just become aware of a utility, nmap, to discover
> >>open ports on my system. The output of the run is as follows:-
> >>
> >>[graeme at barney graeme]$ sudo nmap -sS -O barney
> >>
> >>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-09 13:07
> >>EST
> >>Interesting ports on barney.localdomain (192.168.1.1):
> >>(The 1637 ports scanned but not shown below are in state: closed)
> >>PORT STATE SERVICE
> >>1/tcp open tcpmux
> >>11/tcp open systat
> >>15/tcp open netstat
> >>22/tcp open ssh
> >>111/tcp open rpcbind
> >>143/tcp open imap
> >>540/tcp open uucp
> >>635/tcp open unknown
> >>1024/tcp open kdm
> >>1080/tcp open socks
> >>1524/tcp open ingreslock
> >>2000/tcp open callbook
> >>6667/tcp open irc
> >>10000/tcp open snet-sensor-mgmt
> >>12345/tcp open NetBus
> >>12346/tcp open NetBus
> >>31337/tcp open Elite
> >>32771/tcp open sometimes-rpc5
> >>32772/tcp open sometimes-rpc7
> >>32773/tcp open sometimes-rpc9
> >>32774/tcp open sometimes-rpc11
> >>54320/tcp open bo2k
> >>Device type: general purpose
> >>Running: Linux 2.4.X|2.5.X
> >>OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> >>Uptime 0.056 days (since Mon Aug 9 11:47:15 2004)
> >>
> >>Nmap run completed -- 1 IP address (1 host up) scanned in 6.560 seconds
> >>
> >>Are any of the above open ports posing a danger that I should close?
> >>
> >>My apologies for a dumb question but iptables is not my forte I'm
> >>afraid. BTW, nmap got my system wrong, its FC2 on kernel 2.6.6
> >
> >
> > Graeme,
> >
> > Whilst waiting for others who know more :-) I suggest you probably do
> > not have a firewall running. Check with (as root):
> > service iptables status
> >
> > HTH
> > Chris
>
> Hi Chris, I do have iptables running. I can see it start at bootup. I
> used the graphical utility and told it to close all incoming ports
> except ssh and mail and web browsing. I got quite a fright when I saw
> all those ports open (I only just came across Nmap). I am having a bit
> of a problem with the system at the moment, cannot get the Xserver to
> fire up. Bombs out with "unix/7100" font path not able to open and
> cannot load fixed fonts. I'm only hoping I haven't been hacked.
--
Ted Potter
tpotter at techmarin.com
www.techmarin.com
yahoo: potterbigdog
More information about the Redhat-install-list
mailing list