Are the following open ports a danger?

Ted Potter tpotter at techmarin.com
Tue Aug 10 07:38:32 UTC 2004 

funny with his ip address how can he get to the internet ?
and it looks like he is running nmap from the same machine.

I would guess he is behind a nat router that includes a firewall.

Try running the scan at http://www.grc.com  and see what ip address they
report you using. Bet it is not 192.168.1.1





On Mon, 2004-08-09 at 23:14, Graeme Nichols wrote:
> Chris Hewitt wrote:
> 
> > On Mon, 2004-08-09 at 04:16, Graeme Nichols wrote:
> > 
> >>Hello Folks, I have just become aware of a utility, nmap, to discover
> >>open ports on my system. The output of the run is as follows:-
> >>
> >>[graeme at barney graeme]$ sudo nmap -sS -O barney
> >> 
> >>Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-09 13:07
> >>EST
> >>Interesting ports on barney.localdomain (192.168.1.1):
> >>(The 1637 ports scanned but not shown below are in state: closed)
> >>PORT      STATE SERVICE
> >>1/tcp     open  tcpmux
> >>11/tcp    open  systat
> >>15/tcp    open  netstat
> >>22/tcp    open  ssh
> >>111/tcp   open  rpcbind
> >>143/tcp   open  imap
> >>540/tcp   open  uucp
> >>635/tcp   open  unknown
> >>1024/tcp  open  kdm
> >>1080/tcp  open  socks
> >>1524/tcp  open  ingreslock
> >>2000/tcp  open  callbook
> >>6667/tcp  open  irc
> >>10000/tcp open  snet-sensor-mgmt
> >>12345/tcp open  NetBus
> >>12346/tcp open  NetBus
> >>31337/tcp open  Elite
> >>32771/tcp open  sometimes-rpc5
> >>32772/tcp open  sometimes-rpc7
> >>32773/tcp open  sometimes-rpc9
> >>32774/tcp open  sometimes-rpc11
> >>54320/tcp open  bo2k
> >>Device type: general purpose
> >>Running: Linux 2.4.X|2.5.X
> >>OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> >>Uptime 0.056 days (since Mon Aug  9 11:47:15 2004)
> >> 
> >>Nmap run completed -- 1 IP address (1 host up) scanned in 6.560 seconds
> >>
> >>Are any of the above open ports posing a danger that I should close?
> >>
> >>My apologies for a dumb question but iptables is not my forte I'm
> >>afraid. BTW, nmap got my system wrong, its FC2 on kernel 2.6.6
> > 
> > 
> > Graeme,
> > 
> > Whilst waiting for others who know more :-) I suggest you probably do
> > not have a firewall running. Check with (as root):
> > service iptables status
> > 
> > HTH
> > Chris
> 
> Hi Chris, I do have iptables running. I can see it start at bootup. I 
> used the graphical utility and told it to close all incoming ports 
> except ssh and mail and web browsing. I got quite a fright when I saw 
> all those ports open (I only just came across Nmap). I am having a bit 
> of a problem with the system at the moment, cannot get the Xserver to 
> fire up. Bombs out with "unix/7100" font path not able to open and 
> cannot load fixed fonts. I'm only hoping I haven't been hacked.
-- 
Ted Potter
tpotter at techmarin.com
www.techmarin.com
yahoo: potterbigdog

More information about the Redhat-install-list mailing list