I change the O/S on my web server today to Slackware 9.1. After installing a server I typically do a scan on it to make sure only the things I want open are open. On the scan I am getting port 1720 open. nmap returns:
1720/tcp filtered H.323/Q.931

I have done alot of searching today, and I am at the end of the rope. I have checked the ps -e, lsof, and edited /etc/inetd.conf. Nothing looks out of the ordinary. I have checked two other Slack ware 9.1 box here and neither of them have this port open. This is my webserver, so the only things I need open are httpd, and sshd. I do have ssl, php, and perl modules compiled into apache. I do not have X-windows installed on this box.

Through my searching I have come up with this information:
"1720","tcp","livelan","LiveLan (H.323 compliant)--"
"1720","tcp/udp","h323hostcall","H.323 Hostcall-- H.323 call setup protocol used by multimedia collaborative apps such as NetMeeting to establish and control a collaborative session. Session data transfer will use H.323 udp streaming (AKA: RealTime Protocol [RTP]). -- "

It seems as if this port is used for netmeeting clients. I do not believe I have anything of the sort installed, and least I should not.

Could someone please help me get this port closed? If you need me to post anymore information, just ask, I certainly will.


Thanks,

Mike

As root:
netstat -anp | grep 1720

The last column will give you PID/program.

Thank You for the reply! Nothing comes up when I do that!
root@linux:/home/mraby# netstat -anp | grep 1720
root@linux:/home/mraby#

That's because it's not open. Look at your nmap output again:
1720/tcp filtered H.323/Q.931
nmap has noticed that the port is not responding at all, no positive response (port is open) and no negative response (port is closed). You probably have iptables loaded and a rule configured to drop packets going to 1720.