Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-06-2006, 08:34 PM
|
#1
|
Member
Registered: Aug 2003
Posts: 834
Rep:
|
does this look fishy or normal?
When I do nmap localhost I get this:
Not shown: 1678 closed ports
PORT STATE SERVICE
631/tcp open ipp
Doesnt 631 have something to do with the printer?
|
|
|
12-06-2006, 08:50 PM
|
#2
|
Member
Registered: Oct 2005
Location: Rhode Island, USA
Distribution: Slackware, Xubuntu
Posts: 348
Rep:
|
Looks fine to me.
If you aren't using a printer at all then you can go ahead and disable the CUPS service. CUPS uses port 631 and you can chmod -x /etc/rc.d/rc.cups if you'll never use a printer.
|
|
|
12-06-2006, 09:44 PM
|
#3
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
Probably a good idea to run 'netstat -pantu' in order to verify that it is the printing service (backdoors are often configured to run on ports of other services). Also I would recommend performing your nmap scans from a remote computer as the results may be different than if you scan localhost.
|
|
|
12-06-2006, 10:33 PM
|
#4
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
Thanks, I will give those recommendations a try.
|
|
|
12-06-2006, 10:35 PM
|
#5
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
Just some info on how to track this down yourself for future reference:
Code:
[hector@troy ~]$ grep '\<631/' /etc/services
ipp 631/tcp # Internet Printing Protocol
ipp 631/udp # Internet Printing Protocol
And yes, running nmap against localhost is pretty much pointless. The netstat command identified above will tell you which interfaces the service is listening on. You'll need to run it as root to use the -p option.
|
|
|
12-06-2006, 11:29 PM
|
#6
|
Member
Registered: Aug 2003
Posts: 834
Original Poster
Rep:
|
So if I ever use nmap it should be from another computer, but what if both computers are connected to a router?(the same router)
|
|
|
12-07-2006, 04:04 AM
|
#7
|
Member
Registered: Nov 2005
Posts: 144
Rep:
|
Quote:
Originally Posted by M$ISBS
So if I ever use nmap it should be from another computer, but what if both computers are connected to a router?(the same router)
|
You can also run it from you own computer. If you type the ip of your pc in your local network instead of "localhost", you will see which ports are reachable from your local network. Probably you will see that cups is reachable for localhost only.
|
|
|
All times are GMT -5. The time now is 02:41 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|