LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 10-01-2005, 03:48 PM   #1
master
Member
 
Registered: Oct 2003
Location: Birmingham/Eng/UK
Distribution: /Debian3.1/suse/XP/Win7
Posts: 677

Rep: Reputation: 30
nmap shows nothing on windows


Hello i run debian 3.1 at the moment and windows xp.from my linux box when i do nmap on windows it comes back with zero results.which is great but when i do it on linux it allways finds something open.My question is why all the jokes about windows.This is the feedback i got from nmap on my linux box.
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-01 21:11 BST
Interesting ports on 192.168.1.100:
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
787/tcp open unknown
810/tcp open unknown
2049/tcp open nfs
5432/tcp open postgres

Nmap finished: 1 IP address (1 host up) scanned in 0.324 seconds
It seems to me i might have a few thing open i dont need.Can any one tell me why i need port 787 & 810 open,now i use ssh so i guess that needs to be open i use nfs so i figure that should be open also i dont understand what "auth" is for and "netbios-ssn"
thanks nige
 
Old 10-01-2005, 05:26 PM   #2
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
Well... Windoze XP now come with a (very crappy) firewall that block most traffic that want to get in (very buggy and gave me a lot of headache already!), so it is possible that you see nothing while scanning your windoze box. Same if you are running Norton, Zone alarm or any other firewalls.

For linux... well, on most "user-friendly" distro, you have a big bunch of services that come with the default installation. This ia a dumb behavior atmo, as most users never know about it and get rooted really fast. I recommend that you close everything but service you are acrtually using. Or you could at least make a very basic iptables firewall script to block certains ports.

"auth" is the "identh" daemon, some old utility, mainly used by IRC (and finger?) now. Total crap, full of security hole, you better close this unless you really need it.
"netbios-ssn" is samba (the windoze-like file sharing deamon). Since NT, windoze boxes use port 445, but port 139 is still open for backward compatibility.

787 and 810 are probably relative to RPC and NFS. Use "netstat -ap" to find out what process use these ports.
 
Old 10-03-2005, 10:56 PM   #3
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Rep: Reputation: 63
Are you running a website? No? Then don't run a webserver either (port 80)
Is your box a nameserver? No? Then kill named (port 53)
Do you need a relational database server? No? Then kill postgresql (port 5432) or at least configure it not to listen on the network.

HalfElf explained the rest...

Also, consider where you are scanning from...if from within your trusted LAN, many more ports may be open then are available from the internet at large.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
nmap ? how do i do nmap in linux ? command not found abbasakhtar Linux - Newbie 2 01-02-2011 01:08 AM
Windows shows foldes as read only jocast Linux - Software 37 01-06-2005 09:47 AM
snmp staus shows it running but on trying MRTG, it shows public@ipaddr not giving res swati220781 Linux - Networking 3 07-08-2004 05:32 PM
nmap shows port 21 open, but no ftp service running ? epoo Linux - Networking 3 12-21-2003 08:16 PM
Windows XP Shows the Direction Microsoft is Going. Edward78 General 4 04-05-2003 12:01 AM


All times are GMT -5. The time now is 11:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration