LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-06-2006, 08:34 PM   #1
M$ISBS
Member
 
Registered: Aug 2003
Posts: 834

Rep: Reputation: 30
does this look fishy or normal?


When I do nmap localhost I get this:

Not shown: 1678 closed ports
PORT STATE SERVICE
631/tcp open ipp

Doesnt 631 have something to do with the printer?
 
Old 12-06-2006, 08:50 PM   #2
zetabill
Member
 
Registered: Oct 2005
Location: Rhode Island, USA
Distribution: Slackware, Xubuntu
Posts: 348

Rep: Reputation: 32
Looks fine to me.

If you aren't using a printer at all then you can go ahead and disable the CUPS service. CUPS uses port 631 and you can chmod -x /etc/rc.d/rc.cups if you'll never use a printer.
 
Old 12-06-2006, 09:44 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Probably a good idea to run 'netstat -pantu' in order to verify that it is the printing service (backdoors are often configured to run on ports of other services). Also I would recommend performing your nmap scans from a remote computer as the results may be different than if you scan localhost.
 
Old 12-06-2006, 10:33 PM   #4
M$ISBS
Member
 
Registered: Aug 2003
Posts: 834

Original Poster
Rep: Reputation: 30
Thanks, I will give those recommendations a try.
 
Old 12-06-2006, 10:35 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Just some info on how to track this down yourself for future reference:
Code:
[hector@troy ~]$ grep '\<631/' /etc/services 
ipp             631/tcp                         # Internet Printing Protocol
ipp             631/udp                         # Internet Printing Protocol
And yes, running nmap against localhost is pretty much pointless. The netstat command identified above will tell you which interfaces the service is listening on. You'll need to run it as root to use the -p option.
 
Old 12-06-2006, 11:29 PM   #6
M$ISBS
Member
 
Registered: Aug 2003
Posts: 834

Original Poster
Rep: Reputation: 30
So if I ever use nmap it should be from another computer, but what if both computers are connected to a router?(the same router)
 
Old 12-07-2006, 04:04 AM   #7
Lotharster
Member
 
Registered: Nov 2005
Posts: 144

Rep: Reputation: 18
Quote:
Originally Posted by M$ISBS
So if I ever use nmap it should be from another computer, but what if both computers are connected to a router?(the same router)
You can also run it from you own computer. If you type the ip of your pc in your local network instead of "localhost", you will see which ports are reachable from your local network. Probably you will see that cups is reachable for localhost only.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is this normal? .nu Linux - Newbie 4 07-31-2006 11:39 AM
Soemthing Fishy with Squid Jake_B Linux - Software 2 12-29-2005 04:42 AM
Strange ( fishy ? ) default domain name Biased turkey Mandriva 0 01-13-2005 03:22 PM
Fishy Squid connectons Greenman Linux - Security 1 12-15-2004 09:17 AM
Is this normal Contempt Linux - Software 6 07-27-2003 08:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration