I recently installed Lenny (testing) and I have very little software installed yet. I did an nmap scan which showed this:

Interesting ports on localhost (127.0.0.1):
Not shown: 1710 closed ports
PORT     STATE SERVICE  VERSION
25/tcp   open  smtp     Exim smtpd 4.69
111/tcp  open  rpcbind
113/tcp  open  ident
832/tcp  open  unknown
8118/tcp open  privoxy?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

From the fingerprint above it appears that port 832/tcp is related to privoxy; however, when I kill privoxy and repeat the scan, only the 8118/tcp port (clearly identified by nmap as privoxy stuff) closes. So what is that port that is not identified by nmap? I do not think it is a backdoor or so, as I record all my Internet traffic (tcpdump) and run 2 IDSs and none reports problems. My system was freshly installed with all cautions: checking sigs, md5sums, etc.
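
An nmap service fingerprint such as the one this scan printed names its port and protocol in its first field, then lists each probe with a hexadecimal reply length and the escaped reply. The following Python parser for that layout is an added example, not part of the original post; `SAMPLE` is constructed from the header and Privoxy replies in the scan output, shortened to two probes, and the function names are illustrative.

```python
import re

# Constructed sample: header and Privoxy replies as quoted in the post,
# shortened to two probes and wrapped the way nmap wraps ("SF:" continuations).
SAMPLE = r'''
SF-Port8118-TCP:V=4.62%I=7%D=7/2%Time=486BCEF0%P=powerpc-unknown-linux-gnu
SF:%r(GetRequest,A3,"HTTP/1\.0\x20400\x20Invalid\x20header\x20received\x20
SF:from\x20client\r\nProxy-Agent:\x20Privoxy\x203\.0\.8\r\nContent-Type:\x
SF:20text/plain\r\nConnection:\x20close\r\n\r\nInvalid\x20header\x20receiv
SF:ed\x20from\x20client\.\r\n")%r(SIPOptions,1F17,"HTTP/1\.1\x20503\x20For
SF:warding\x20failure\r\n");
'''

_ESCAPE = re.compile(r'\\(x[0-9A-Fa-f]{2}|.)')
_SIMPLE = {'r': '\r', 'n': '\n', 't': '\t', '0': '\0'}
_PROBE = re.compile(r'%r\((\w+),([0-9A-Fa-f]+),"((?:\\.|[^"\\])*)"\)')


def unescape(body):
    """Decode nmap's backslash escapes back into raw bytes."""
    def repl(m):
        esc = m.group(1)
        if len(esc) == 3:                      # hex escape: x plus two digits
            return chr(int(esc[1:], 16))
        return _SIMPLE.get(esc, esc)           # CR, LF, ... or an escaped literal
    return _ESCAPE.sub(repl, body).encode('latin-1')


def parse_fingerprint(text):
    """Parse an nmap service fingerprint into port, metadata and probe replies."""
    # Replies contain no raw whitespace, so rejoining works for wrapped
    # and for flattened text alike.
    joined = ''.join(re.sub(r'^SF:', '', part) for part in text.split())
    head = re.match(r'SF-Port(\d+)-(TCP|UDP):([^"]*?)(?=%r\(|$)', joined)
    if not head:
        raise ValueError('not an nmap service fingerprint')
    meta = dict(kv.split('=', 1) for kv in head.group(3).split('%') if '=' in kv)
    probes = {}
    for name, hexlen, body in _PROBE.findall(joined):
        data = unescape(body)
        declared = int(hexlen, 16)             # length field is hexadecimal
        # Long replies are cut short in the fingerprint: decoded < declared.
        probes[name] = {'declared': declared, 'data': data,
                        'truncated': len(data) < declared}
    return {'port': int(head.group(1)), 'proto': head.group(2),
            'meta': meta, 'probes': probes}


if __name__ == '__main__':
    fp = parse_fingerprint(SAMPLE)
    print(fp['port'], fp['proto'], fp['meta'])
    for name, p in fp['probes'].items():
        print(name, p['declared'], p['truncated'], p['data'][:60])
```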