Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I change the O/S on my web server today to Slackware 9.1. After installing a server I typically do a scan on it to make sure only the things I want open are open. On the scan I am getting port 1720 open. nmap returns:
1720/tcp filtered H.323/Q.931
I have done alot of searching today, and I am at the end of the rope. I have checked the ps -e, lsof, and edited /etc/inetd.conf. Nothing looks out of the ordinary. I have checked two other Slack ware 9.1 box here and neither of them have this port open. This is my webserver, so the only things I need open are httpd, and sshd. I do have ssl, php, and perl modules compiled into apache. I do not have X-windows installed on this box.
Through my searching I have come up with this information:
"1720","tcp","livelan","LiveLan (H.323 compliant)--"
"1720","tcp/udp","h323hostcall","H.323 Hostcall-- H.323 call setup protocol used by multimedia collaborative apps such as NetMeeting to establish and control a collaborative session. Session data transfer will use H.323 udp streaming (AKA: RealTime Protocol [RTP]). -- "
It seems as if this port is used for netmeeting clients. I do not believe I have anything of the sort installed, and least I should not.
Could someone please help me get this port closed? If you need me to post anymore information, just ask, I certainly will.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
That's because it's not open. Look at your nmap output again:
1720/tcp filtered H.323/Q.931
nmap has noticed that the port is not responding at all, no positive response (port is open) and no negative response (port is closed). You probably have iptables loaded and a rule configured to drop packets going to 1720.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.