Re: Port scan question

[Hella <redhat echeeba com>]

linux power wrote:
> Why are more ports open when I scan the ports as root rather than as user?

This is interesting, I am not sure. I tested this on my RH 8 machine and 
could not duplicate your results. My first guess was that a non-root 
user would not see the listening sockets on ports less than 1024, but 
this is not the case for my Red Hat 7.x and 8.0 systems.

> And why are more ports closed when I scan the ip 127.0.0.1 rather then 
> the wan card ip?

This would probably be because some of the services are coded to not 
listen on the loopback interface for whatever reason. Other services 
like samba and named can be configured to only listen on the interfaces 
you specify. Lastly, a well written app might do some validity checking 
on the routing table and disable its listener on any interfaces with 
suspect routes. (this would more than likely be an older legacy application)

Not sure if these cases might be your problem, but a couple of ideas.

-CC

> http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
>
> Prøv betaversjonen av den nye Yahoo! Mail 
> <http://no.i1.yimg.com/us.yimg.com/i/us/pim/sp/pim_tour_no2.swf>
> Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og 
> Notisbok