Open ports when i scan my own box, closed when others scan it

Open ports when i scan my own box, closed when others scan it

Post by silve » Tue, 29 May 2001 05:41:13



I am trying to find out something. I am running Mandrake 7.2, and my
firewall that I am useing is LnxFire[Gnome] . When I do a Port scan on any
of the sites out there, it comes up clean and no ports open,everything is
stealth. When I do my own nmap scan, well i get this
631/tcp  open  unknown
1024/tcp  open  kdm
1026/tcp open  nterm
6000/tcp  open  X11
16001/tcp open   unknown
My Ip changes everytime, so i don't mind sharing this.

how is this when other scans outside the box get nothing? And also can
someone explain what these things that are open
[unknown,kdm,nterm,X11,unknown] are?I want to close these things up, I have
my firewall set that there is no servers at all on my system.

I am new to linux , but that doesn't stop me from wanting to learn
thanks for the help

silver

--
****************************************************************
Registered Linux User #215731
Licq #107395280

Enjoy Life........
;-)

 
 
 

Open ports when i scan my own box, closed when others scan it

Post by Marcu » Tue, 29 May 2001 06:32:17



> I am trying to find out something. I am running Mandrake 7.2, and my
> firewall that I am useing is LnxFire[Gnome] . When I do a Port scan on any
> of the sites out there, it comes up clean and no ports open,everything is
> stealth. When I do my own nmap scan, well i get this
> 631/tcp  open  unknown
> 1024/tcp  open  kdm
> 1026/tcp open  nterm
> 6000/tcp  open  X11
> 16001/tcp open   unknown
> My Ip changes everytime, so i don't mind sharing this.

> how is this when other scans outside the box get nothing? And also can
> someone explain what these things that are open
> [unknown,kdm,nterm,X11,unknown] are?I want to close these things up, I have
> my firewall set that there is no servers at all on my system.

> I am new to linux , but that doesn't stop me from wanting to learn
> thanks for the help

> silver

        First of all, when you scan yourself, you're probably scanning over
the loopback device, a "fake" network device which lets you connect to your
own servers.  That's what's going on.  If nobody can connect from outside,
you're probably okay.

         Anyway, here are a few suggestions.  Port 631 is the standard CUPS
port (the replacement for LPR).  There are options in its config file for
restricting the ip addresses which can connect to it.  Don't let anyone at
all connect.  If you do this, you'll still be able to connect because you're
using the loopback device (neat, eh?)

        Kdm is the boot manager (the program that's running when you login)
for kde, right?  My suggestion is to boot into runlevel 3, instead of 5, but
you may not want to do that.

        I don't know what nterm is except that it is a terminal emulation
server (for logging in to your system).  Get rid of it.

        As for XWindows, you can start X with the "-nolisten tcp" switch to
make sure that absolutely nobody can connect from outside your box.

        Port 16001 is "esd", which I think is the "Enlightenment Sound
Daemon".  I don't know what to do about this, but I bet you can think of
something.

                                                            Marcus