Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
05-31-2006, 11:43 PM
|
#1
|
|
Member
Registered: Dec 2005
Distribution: Slackware, SLAX, Redhat, Fedora
Posts: 133
Rep: 
|
Different nmap results
I tried to use -sS scan on two addresses. First on localhost and the second on my external ip. The thing is, I get different results which makes me confused. Based on my settings, the localhost results seem to be the correct one while the scan on the external ip is reporting that I have open ports even for apps/services that I don't even use. Is this something that can be a cause for alarm or something? Thanks in advance guys.
|
|
|
|
|
06-01-2006, 01:52 AM
|
#2
|
|
Member
Registered: Jan 2004
Location: /lost+found
Distribution: Slackware 14.2
Posts: 849
Rep:
|
Just because you're not using the applications on those ports doesn't mean those ports aren't open. What is nmap showing as open? Also, run netstat -tulnap to get a list or ports that are open.
|
|
|
|
|
06-01-2006, 04:43 AM
|
#3
|
|
Member
Registered: Dec 2005
Distribution: Slackware, SLAX, Redhat, Fedora
Posts: 133
Original Poster
Rep:
|
I don't see the open ports as reported with nmap -sS using my external ip.
in external ip it says:
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
and i know i have shutdown those services . . .
however, this comes out when scan 127.0.0.1:
PORT STATE SERVICE
22/tcp open ssh
37/tcp open time
113/tcp open auth
631/tcp open ipp
and i believe that is more correct than the former. so, can anyone enlighten me further?
also when i do a netstat -tulnap none of those ports listed when i scan the external ip showed up.
|
|
|
|
|
06-01-2006, 08:22 AM
|
#4
|
|
Moderator
Registered: May 2001
Posts: 29,415
|
For "open" read "accessable" or better: "unfiltered". Next to that nmap uses it's own number-to-port mapping similar to /etc/services and just like the services file it's a *static* mapping. So, to extract information and confirm, if a port is "open" and there is service bound to it, use the version scan option. BTW, scanning localhost uses loopback which usually is excluded from filtering in the firewall and so gives a skewed picture of what is accessable. Best way is to scan from a box that's not in your LAN or use on of the free online services.
netstat -tulnap
"a" vs "l"...
|
|
|
|
All times are GMT -5. The time now is 10:37 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
