port question

[lpaulgib]

I just nmaped my localhost, and found these open.

Port State Service
22/tcp open ssh
25/tcp open smtp
111/tcp open sunrpc
139/tcp open netbios-ssn
631/tcp open ipp
708/tcp open unknown
6000/tcp open X11
10000/tcp open snet-sensor-mgmt


What is netbios-ssn, and some of those. Are any of those something I should worry about. I heard things about netbios, and that unknown one has me.

[D0pp139an93r]

576869746568617 provided these in another thread:

http://<a rel="nofollow" href="http:...table.html</a>
http://<a rel="nofollow" href="http:...other.html</a> - Internet Ports, Services, & Trojans
http://<a rel="nofollow" href="http:...table.html</a> -Trojan TCP Ports
http://<a rel="nofollow" href="http:...rt-numbers</a> - The Official TCP Port Database


Here's the thread:
http://www.antionline.com/showthrea...threadid=253054


I don't know for sure, but the only odd one seems to be the unknown one. Correct me if I'm wrong people.

Edit: Sorry bout the bad link....

[SSJVegeta-Sei]

I suppose it could be a trojan port or something...

Do you run any strange online services on your comp?
I'd recommend closing that one down (at least!) and checking to see if everything still runs normally - no point in keeping a port open you don't need, that's like a signed invitation :P

Regards,

SSJVegeta-Sei

[SirDice]

If I'm not mistaken this is some sort of un*x (Linux?) box.
(22, 25, 111 and 6000 are usually not open on a windows box).

You probably installed Samba. If you're worried about it, deinstall it.

[lpaulgib]

Yeah. Mandrake 9.2 . So the unknown is Samba? I'll shut off the unknown. Don't really know how to do that, but I'll figure it out.

[slick8790]

Random thought:

Are you running a firewall? If so, check to see if it has any trusted network settings. If it does, disable them and scan again. You could also just scan from another computer outside your home/work network. I scanned myself recently and noticed 4 or 5 ports open. No matter what i did, they wouldnt close. When i tryed to see what could be done to my computer with the open ports by scanning from a friends computer, it showed no ports open. Trusted IP's get more privaleges then any old IP.



slick

[ShagDevil]

I also noticed, some services like Norton Antivirus keep my POP3 and SMTP ports open. I found out by turning off the automatic e-mail scanning and then rechecking my open ports.
*poof* they were closed. I don't like the idea of those ports remaining open but I don't know of any other way to scan incoming/outgoing e-mail. I suppose putting the e-mail scan on before checking e-mail and then turning it off afterwards would work....but I'm entirely too lazy You would think Norton would have a default where it automatically turns off after you finish reading your mail. Maybe they do, maybe I'm just missing it. dunno.
That's my input anyways.

[ric-o]

Originally posted here by ShagDevil
I also noticed, some services like Norton Antivirus keep my POP3 and SMTP ports open. I found out by turning off the automatic e-mail scanning and then rechecking my open ports.
*poof* they were closed. I don't like the idea of those ports remaining open but I don't know of any other way to scan incoming/outgoing e-mail. I suppose putting the e-mail scan on before checking e-mail and then turning it off afterwards would work....but I'm entirely too lazy You would think Norton would have a default where it automatically turns off after you finish reading your mail. Maybe they do, maybe I'm just missing it. dunno.
That's my input anyways.

Shag: NAV proxy's those ports when you have those options on. I found that when attempting port scans of my internal network using a machine with NAV on...every host I scanned appeared to have those ports open. Very annoying. I found that McAfee doesn't use this type of mechanism for scanning.

Sorry for the off-topic.

[576869746568617]

139 open on a *nix box? I agree with SirDice...must have installed samba. If you're not sharing files with a windows box, ditch samba.

If you're not sharing with windows, stop here and disregard the remainder of this post, if you are continue reading

If you are sharing files using samba, disable port 139 on your *nix box, or filter it using ipchains or whatever else you use as a firewall. Also do the same on the Windows box(es) for ports 135-139 and 445.

I don't know what kind of authentication info samba sends via NetBIOS, but on NT/2000/XP, ports 135-139 (the NetBIOS ports) are a major point of concern. On Windows, fingerprinting and enumeration of user accounts is childs play if these ports are open (you can even get the SIDs, even if RestrictAnonymous is enabled and you can't establish a null session...That's scary!).

Win2K and XP use TCP/IP and DNS for almost all network services by default, and those that don't can be forced to. If you have an internal DNS on your *nix box, you can safely ditch NetBIOS altogether. Just note that you'll have to use the FQDN or IP for any computer or resource you want to access, as NetBIOS names won't work.

I don't know of any vulnerability on *nix pertaining to NetBIOS, but you never can be too safe.

[SirDice]

Originally posted here by 576869746568617
Win2K and XP use TCP/IP and DNS for almost all network services by default, and those that don't can be forced to. If you have an internal DNS on your *nix box, you can safely ditch NetBIOS altogether. Just note that you'll have to use the FQDN or IP for any computer or resource you want to access, as NetBIOS names won't work.

If you set the correct DNS domain, you can use the short names.

Richt click on My Computer-&gt;Properties-&gt;Computer name-&gt;Change..-&gt;More..
Fill in your DNS domain here.