Results 1 to 10 of 10

Thread: port question

  1. #1
    Junior Member
    Join Date
    Dec 2003
    Posts
    19

    port question

    I just nmaped my localhost, and found these open.

    Port State Service
    22/tcp open ssh
    25/tcp open smtp
    111/tcp open sunrpc
    139/tcp open netbios-ssn
    631/tcp open ipp
    708/tcp open unknown
    6000/tcp open X11
    10000/tcp open snet-sensor-mgmt


    What is netbios-ssn, and some of those. Are any of those something I should worry about. I heard things about netbios, and that unknown one has me.

  2. #2
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    576869746568617 provided these in another thread:

    http://<a rel="nofollow" href="http:...table.html</a>
    http://<a rel="nofollow" href="http:...other.html</a> - Internet Ports, Services, & Trojans
    http://<a rel="nofollow" href="http:...table.html</a> -Trojan TCP Ports
    http://<a rel="nofollow" href="http:...rt-numbers</a> - The Official TCP Port Database


    Here's the thread:
    http://www.antionline.com/showthrea...threadid=253054


    I don't know for sure, but the only odd one seems to be the unknown one. Correct me if I'm wrong people.

    Edit: Sorry bout the bad link....
    Real security doesn't come with an installer.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    346
    I suppose it could be a trojan port or something...

    Do you run any strange online services on your comp?
    I'd recommend closing that one down (at least!) and checking to see if everything still runs normally - no point in keeping a port open you don't need, that's like a signed invitation :P

    Regards,

    SSJVegeta-Sei


    Pierce me with steel, rend me with claw and fang; as I die, a legend is born for another generation to follow.
    An\' it harm none, do as ye will. - Wiccan Rede

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    If I'm not mistaken this is some sort of un*x (Linux?) box.
    (22, 25, 111 and 6000 are usually not open on a windows box).

    You probably installed Samba. If you're worried about it, deinstall it.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Junior Member
    Join Date
    Dec 2003
    Posts
    19
    Yeah. Mandrake 9.2 . So the unknown is Samba? I'll shut off the unknown. Don't really know how to do that, but I'll figure it out.

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    407
    Random thought:

    Are you running a firewall? If so, check to see if it has any trusted network settings. If it does, disable them and scan again. You could also just scan from another computer outside your home/work network. I scanned myself recently and noticed 4 or 5 ports open. No matter what i did, they wouldnt close. When i tryed to see what could be done to my computer with the open ports by scanning from a friends computer, it showed no ports open. Trusted IP's get more privaleges then any old IP.



    slick
    \"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller

  7. #7
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    I also noticed, some services like Norton Antivirus keep my POP3 and SMTP ports open. I found out by turning off the automatic e-mail scanning and then rechecking my open ports.
    *poof* they were closed. I don't like the idea of those ports remaining open but I don't know of any other way to scan incoming/outgoing e-mail. I suppose putting the e-mail scan on before checking e-mail and then turning it off afterwards would work....but I'm entirely too lazy You would think Norton would have a default where it automatically turns off after you finish reading your mail. Maybe they do, maybe I'm just missing it. dunno.
    That's my input anyways.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  8. #8
    Originally posted here by ShagDevil
    I also noticed, some services like Norton Antivirus keep my POP3 and SMTP ports open. I found out by turning off the automatic e-mail scanning and then rechecking my open ports.
    *poof* they were closed. I don't like the idea of those ports remaining open but I don't know of any other way to scan incoming/outgoing e-mail. I suppose putting the e-mail scan on before checking e-mail and then turning it off afterwards would work....but I'm entirely too lazy You would think Norton would have a default where it automatically turns off after you finish reading your mail. Maybe they do, maybe I'm just missing it. dunno.
    That's my input anyways.
    Shag: NAV proxy's those ports when you have those options on. I found that when attempting port scans of my internal network using a machine with NAV on...every host I scanned appeared to have those ports open. Very annoying. I found that McAfee doesn't use this type of mechanism for scanning.

    Sorry for the off-topic.

  9. #9
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    139 open on a *nix box? I agree with SirDice...must have installed samba. If you're not sharing files with a windows box, ditch samba.

    If you're not sharing with windows, stop here and disregard the remainder of this post, if you are continue reading

    If you are sharing files using samba, disable port 139 on your *nix box, or filter it using ipchains or whatever else you use as a firewall. Also do the same on the Windows box(es) for ports 135-139 and 445.

    I don't know what kind of authentication info samba sends via NetBIOS, but on NT/2000/XP, ports 135-139 (the NetBIOS ports) are a major point of concern. On Windows, fingerprinting and enumeration of user accounts is childs play if these ports are open (you can even get the SIDs, even if RestrictAnonymous is enabled and you can't establish a null session...That's scary!).

    Win2K and XP use TCP/IP and DNS for almost all network services by default, and those that don't can be forced to. If you have an internal DNS on your *nix box, you can safely ditch NetBIOS altogether. Just note that you'll have to use the FQDN or IP for any computer or resource you want to access, as NetBIOS names won't work.

    I don't know of any vulnerability on *nix pertaining to NetBIOS, but you never can be too safe.


  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by 576869746568617
    Win2K and XP use TCP/IP and DNS for almost all network services by default, and those that don't can be forced to. If you have an internal DNS on your *nix box, you can safely ditch NetBIOS altogether. Just note that you'll have to use the FQDN or IP for any computer or resource you want to access, as NetBIOS names won't work.
    If you set the correct DNS domain, you can use the short names.

    Richt click on My Computer-&gt;Properties-&gt;Computer name-&gt;Change..-&gt;More..
    Fill in your DNS domain here.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •