I just updated nmap and got the front end running. I am running it and it shows 3 open ports, I dont know if its safe to show them.
Can i post the ports and what they are so i can get some feedback if they should be open or not?

also..

Does my computer have to be connected to the internet for nmap to run properly if running on the save system?

thanks

Sure you can post the ports. To get an idea of what they are yourself you can loook at the netstat output:
netstat -nlp

Also look at iana:
http://www.iana.org/assignments/port-numbers

I can;t see why your computer would need to be connected but you will need to make sure you are scannling a local device with an ip address if you have some sort of modem that doesn't have an IP then you can't scan it at that point.

After i run nmap I get this:

22/tcp open ssh
631/tcp open ipp
6000/tcp open X11

does this look normal, I am just trying to get my linux box secure so i can get it back on the internet as soon as possible.

Also, I ran a scan from http://scan.sygatetech.com
and one of the scans (tcp) showd that it can connect to port 88 and gave me a insecure message so i closed almost every service running and ran it again and the same thing happend.

Thanks

It depends on what you use the box for - personnalyI leave ssh running sice I want to access the CLI remotely. If you don't need to then firewall it off. Leaving an X server open is a bit insecure an if you don;t need to run X applications from remote machines then you can firewall it too. ipp is used for network printing so if you don;t intend to be a printer server for other machines then again it is un needed. Port 88 is used byt he kerberos authentication system so you may/may not need it running depending on the use of the server. You may find that some ports that appear open from the net are actually on proxy servers in between.

Its just a single user box, its not on a network other than a 4 port router but i dont connect the computers to each other, its just so they can share internet connection, no server printing or anything like that. I just use it for browsing the internet and basic stuff.

I dont know what SLI, Xserver, or kerboros auth. service are. I dont think i need any of those. I tried to block port 88 with firestarter but it did not block it. Is there a easy way to close ports? thanks

Fire starter is a frontend for iptables and I would assume it is doing its job. My guess is that port 88 is on some sort of ISPs proxy in the middle.

Not sure what SLI is either.

An Xserver is required to run graphical applications so you need it if you use kde/gnome etc. You can firewall it off ot external hosts though.

OH.... I just stopped some more services from runnning and now the only port nmap says open is the X11. I guess i got lucky i was just reading the descriptions of the services and guessing whether i needed them or not then shutting them down. Then only one i dont know if i need is XINETD can i stop that from running? Thanks

Xinetd controls serveral services so I would leave it running.

Ok, thanks for the info