> I am trying to find out something. I am running Mandrake 7.2, and my
> firewall that I am useing is LnxFire[Gnome] . When I do a Port scan on any
> of the sites out there, it comes up clean and no ports open,everything is
> stealth. When I do my own nmap scan, well i get this
> 631/tcp open unknown
> 1024/tcp open kdm
> 1026/tcp open nterm
> 6000/tcp open X11
> 16001/tcp open unknown
> My Ip changes everytime, so i don't mind sharing this.
> how is this when other scans outside the box get nothing? And also can
> someone explain what these things that are open
> [unknown,kdm,nterm,X11,unknown] are?I want to close these things up, I have
> my firewall set that there is no servers at all on my system.
> I am new to linux , but that doesn't stop me from wanting to learn
> thanks for the help
> silver
First of all, when you scan yourself, you're probably scanning over
the loopback device, a "fake" network device which lets you connect to your
own servers. That's what's going on. If nobody can connect from outside,
you're probably okay.
Anyway, here are a few suggestions. Port 631 is the standard CUPS
port (the replacement for LPR). There are options in its config file for
restricting the ip addresses which can connect to it. Don't let anyone at
all connect. If you do this, you'll still be able to connect because you're
using the loopback device (neat, eh?)
Kdm is the boot manager (the program that's running when you login)
for kde, right? My suggestion is to boot into runlevel 3, instead of 5, but
you may not want to do that.
I don't know what nterm is except that it is a terminal emulation
server (for logging in to your system). Get rid of it.
As for XWindows, you can start X with the "-nolisten tcp" switch to
make sure that absolutely nobody can connect from outside your box.
Port 16001 is "esd", which I think is the "Enlightenment Sound
Daemon". I don't know what to do about this, but I bet you can think of
something.
Marcus
by