Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have a firewall that filters almost all of my open ports. It may be better just to stop the appropriate services that require these ports, but I didn't find how to. Today when I nmapped myself I got the following:
Code:
Interesting ports on (192.168.1.115):
(The 1592 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp filtered ftp
22/tcp open ssh
37/tcp filtered time
79/tcp filtered finger
111/tcp filtered sunrpc
113/tcp filtered auth
1024/tcp filtered kdm
1387/tcp open cadsi-lm
6000/tcp filtered X11
What is that 1387 port? What is cadsi-lm? Where did it appear from!?
One thing to keep in mind: the ports over 1024 are often dynamically assigned, meaning that any number of services could be using that port. Nmap simply uses a list of common port assignments to designate which service is using that port (unless you have recently upgraded to the brand new version of nmap). It could very well have been something like an established ssh or http connection. If you continue to see that port open after subsequent reboots or other strange activity, then you should be concerned. If you're still paranoid about rootkits, try running chkrootkit.
Also, using nmap to scan yourself isn't the most reliable way to check your security; try using nmap from another machine outside your LAN for a more accurate scan.
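An added example, not part of the thread: since the name nmap prints is only a lookup of the port number, the host itself has to be asked which process holds the socket. This Python code does that for IPv4 by reading /proc/net/tcp and matching the socket inode against each process's fd table; the sample table, pid 4242 and the command name "exampled" are constructed so that it runs offline.

```python
import os
import tempfile
# Constructed sample in /proc/net/tcp format (not data from the poster's machine).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:056B 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 22222
   2: 7301A8C0:0016 0A01A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333
"""

def listening_sockets(text):
    """Map port -> socket inode for entries in LISTEN state (st == 0A)."""
    found = {}
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and f[3] == "0A":
            found[int(f[1].rsplit(":", 1)[1], 16)] = f[9]  # port is hex
    return found

def owner_of_inode(inode, proc_root="/proc"):
    """Return (pid, command) of a process holding the socket, else None."""
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == "socket:[%s]" % inode:
                    with open(os.path.join(proc_root, pid, "comm")) as fh:
                        return int(pid), fh.read().strip()
        except OSError:
            continue  # process exited, or fd table unreadable without root
    return None  # also the result for sockets owned by the kernel itself

def who_listens(port, proc_root="/proc"):
    with open(os.path.join(proc_root, "net", "tcp")) as fh:
        inode = listening_sockets(fh.read()).get(port)
    return None if inode is None else owner_of_inode(inode, proc_root)

def constructed_proc_tree():
    # Fake /proc for offline runs: hypothetical pid 4242 running "exampled".
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "4242", "fd"))
    os.mkdir(os.path.join(root, "net"))
    for rel, body in (("net/tcp", SAMPLE_TCP), ("4242/comm", "exampled\n")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    os.symlink("socket:[22222]", os.path.join(root, "4242", "fd", "3"))
    return root
if __name__ == "__main__":
    print(who_listens(1387, constructed_proc_tree()))  # use "/proc" on a real host
```

On a real host, run it as root so every process's fd table is readable; a listener that still returns None has no owning process visible in /proc.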