I tried to use -sS scan on two addresses. First on localhost and the second on my external IP. The thing is, I get different results which makes me confused. Based on my settings, the localhost results seem to be the correct ones while the scan on the external IP is reporting that I have open ports even for apps/services that I don't even use. Is this something that can be a cause for alarm or something? Thanks in advance guys.
Just because you're not using the applications on those ports doesn't mean those ports aren't open. What is nmap showing as open? Also, run netstat -tulnap to get a list of ports that are open.
For "open" read "accessible" or better: "unfiltered". Next to that nmap uses its own number-to-port mapping similar to /etc/services and just like the services file it's a *static* mapping. So, to extract information and confirm, if a port is "open" and there is a service bound to it, use the version scan option. BTW, scanning localhost uses loopback which usually is excluded from filtering in the firewall and so gives a skewed picture of what is accessible. Best way is to scan from a box that's not in your LAN or use one of the free online services.
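One way to run the cross-check the replies describe, as an added example that is not part of the original thread: it compares the ports nmap reports open against the sockets netstat shows listening and the address each one is bound to. The sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -tuln` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Constructed sample of the port table from an nmap scan of the external IP.
NMAP_SAMPLE = """\
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
631/tcp  closed   ipp
8080/tcp open     http-proxy
"""

def local_listeners(netstat_text):
    """Map (proto, port) -> set of bind addresses from netstat -tuln[ap] output."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue  # skip headers and blank lines
        if fields[0].startswith("tcp") and "LISTEN" not in fields:
            continue  # -a also lists established TCP connections
        addr, _, port = fields[3].rpartition(":")
        listeners.setdefault((fields[0][:3], int(port)), set()).add(addr)
    return listeners

def classify(nmap_text, listeners):
    """For each port nmap calls open, report how it is bound on this host."""
    result = {}
    for m in re.finditer(r"^(\d+)/(tcp|udp)\s+open\s", nmap_text, re.M):
        port, proto = int(m.group(1)), m.group(2)
        addrs = listeners.get((proto, port), set())
        if not addrs:
            result[port] = "no local listener"
        elif all(a.startswith("127.") or a == "::1" for a in addrs):
            result[port] = "loopback only"
        else:
            result[port] = "bound beyond loopback"
    return result

if __name__ == "__main__":
    for port, verdict in classify(NMAP_SAMPLE, local_listeners(NETSTAT_SAMPLE)).items():
        print(port, verdict)
```

A port that nmap reports open but that has no local listener is the case to follow up with the version scan mentioned above, since the service name nmap prints comes from its static mapping.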