I ran this scan on my Debian laptop against EvilEntity linux fresh install (also on my network)
some results:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
37/tcp open time
79/tcp open finger
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
513/tcp open login
514/tcp open shell
515/tcp open printer
666/tcp open doom

On my windowsXP fresh install there are no open ports.

so... Do you have a question?

Shutdown the services not needed.

139/tcp open netbios-ssn

Also this is a windows port, are you running samba? Why did you not find the same port on windows?

I just happen to like an installation that lets me choose which ports I want open.
It does not 'appear' professional otherwise. What is port 666 for instance?
I installed several versions of linux/unix and none of them have open ports out of the box or fresh install.

I can think of good reasons for keeping this operating system and perhaps learn from doing so..


Just my opinion and I thought my post would be of help!

port 666 is for the game doom or many windows trojans, so I find it hard to believe this is a port scan of a linux box.

I assume you have EvilEntity linux.
I ran a port scan on DSL Debian laptop that is dual booted with
WindowsXP against a dialup connection (EvilEntity). I used the /sbin/ifconfig to get the IP address (of EE)and did a netstat -n to see if all those ports were being listened on. I used the same phone line which I don't think should make a difference anymore than if I cross cabled my two computers together.
Go figure , perhaps I got it wrong.
The netstat -n and netstat -a confirmed that several of the above ports were being listened on on EE.

My port scan also confirmed that the scan was made from the
evilentity IP address.

I need to read something on sockets and check out the /etc/services or the daemons super server on EvilEntity. I think you can name it (socket sever)anything so maybe 666\tcp doom is not what it says it is.

I should have posted my remarks to EvilEntity--however (they )are not responsive.

I have never used evilentity linux or evilentity anything for that matter. Here is the nmap against my (Slackware)linux windows-file server:

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-07 22:18 CST
Interesting ports on . (192.168.10.3):
(The 65528 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds

Nmap run completed -- 1 IP address (1 host up) scanned in 31.673 seconds

Checks out okay, nothing funny. Now a stock install slackeware 10.1 using official cd's dont know if it matters though:
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-07 22:25 CST
WARNING: We could not determine for sure which interface to use, so we are guessing 127.0.0.1 . If this is wrong, use -S <my_IP_address>.
Interesting ports on localhost (127.0.0.1):
(The 65528 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp

Nmap run completed -- 1 IP address (1 host up) scanned in 0.467 seconds

Now that is even better. Also I am behind a hardware firewall. I also checked out evilentity linux and it is still beta, if that matters. I have never seen so many open ports by default and I have tried many distros. That is crazy.

Thanks for your response.

I should also go to sygate's online scanner for a double check.
All the ports can be easly closed by placing the pound sign on the uneeded daemons in inetd.conf.
# ssj telnet stream tcp nowait root/usr/sbin/tcpd in.telnetd

also important after commenting the daemon

kill -HUP $(cat /var/run/inetd.pid)

then try 'netstat -ta' will tell you if the port is closed.

Depends on what you mean by a stock install...

I disable rc.ssh and rc.sendmail in the setup of Slackware, so there are no ports open for me.