
Re: Help interpreting nmap scan on localhost running Lenny. Strange port?



On Wednesday 02 July 2008 01:27:19 pm Luis Maceira wrote:
> I recently installed Lenny (testing) and I have very little software
> installed, yet. I did an nmap scan which showed this:
>
> Interesting ports on localhost (127.0.0.1):
> Not shown: 1710 closed ports
> PORT     STATE SERVICE  VERSION
> 25/tcp   open  smtp     Exim smtpd 4.69
> 111/tcp  open  rpcbind
> 113/tcp  open  ident
> 832/tcp  open  unknown
> 8118/tcp open  privoxy?
> 1 service unrecognized despite returning data. If you know the
> service/version, please submit the following fingerprint at
<snip>
> the fingerprint above appears that the port 832/tcp is related to privoxy
> however when I kill privoxy and repeat the scan only 8118/tcp port (clearly
> identified by nmap as privoxy stuff) closes. So what port is that not
> identified by nmap? I do not think it is a backdoor or so as I record all my
> Internet traffic (tcpdump) and run 2 IDSs and none reports problems.
> My system was freshly installed with all cautions: checking sigs, md5sums
> etc.

First of all: port scans on localhost are never, ever going to confirm or deny
the presence of a backdoor. The localhost interface only allows communication 
between a shell and a service running on the *same computer*. Anyone able to 
exploit a localhost service would have already owned your machine some other 
way.

Second, netstat is the command that should help you determine definitively 
which service is listening on 832. 

Lee

-- 
Lee Glidewell           | PGP key: D5D686A7
lee.glidewell@gmail.com | 
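
The lookup that netstat performs for a listening port can be reproduced from /proc directly. This is an added example, not part of the original message: it finds LISTEN sockets on a port in a `/proc/net/tcp` table, reports the bind address, and maps the socket inode to the owning process. The names `SAMPLE`, `listeners` and `owners` and the sample table are constructed for illustration; it assumes Linux, IPv4 only, and a little-endian host.

```python
import os, socket, struct, sys

# Constructed sample in /proc/net/tcp layout (not from the poster's machine).
# Ports are hex: 0019 = 25, 0340 = 832, 1FB6 = 8118. State 0A = LISTEN.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5012 1 0 100 0 0 10 0
   1: 00000000:0340 00000000:0000 0A 00000000:00000000 00:00000000 00000000   102        0 4876 1 0 100 0 0 10 0
   2: 0100007F:1FB6 00000000:0000 0A 00000000:00000000 00:00000000 00000000   104        0 5300 1 0 100 0 0 10 0
   3: 0100007F:0340 0100007F:C001 01 00000000:00000000 00:00000000 00000000   102        0 6001 1 0 100 0 0 10 0
"""

def listeners(table, port):
    """Return [(bind_ip, uid, inode)] for IPv4 TCP sockets listening on `port`."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":          # keep LISTEN sockets only
            continue
        addr_hex, port_hex = f[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # Address is a host-order 32-bit value; little-endian host assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(f[7]), int(f[9])))
    return found

def owners(inode, proc="/proc"):
    """Return [(pid, cmdline)] of processes holding the socket inode.
    Empty when the socket is kernel-owned or the caller lacks privileges."""
    target, hits = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                        cmd = fh.read().replace(b"\0", b" ").decode(errors="replace")
                    hits.append((int(pid), cmd.strip()))
                    break
        except OSError:                          # process exited or access denied
            continue
    return hits

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 832
    live = os.path.exists("/proc/net/tcp")       # fall back to the sample elsewhere
    table = open("/proc/net/tcp").read() if live else SAMPLE
    for ip, uid, inode in listeners(table, port):
        procs = owners(inode) if live else []
        print(f"{ip}:{port} uid={uid} inode={inode}",
              procs or "owner not visible (kernel socket, or rerun as root)")
```

A bind address of 0.0.0.0 in the output means the socket is reachable on every interface, which a scan of 127.0.0.1 alone does not reveal.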

