Re: Help interpreting nmap scan on localhost running Lenny.Strange port?
On Wednesday 02 July 2008 01:27:19 pm Luis Maceira wrote:
> I recently installed Lenny(testing) and I have very few software
> installed,yet. I did a nmap scan which showed this:
>
> Interesting ports on localhost (127.0.0.1):
> Not shown: 1710 closed ports
> PORT STATE SERVICE VERSION
> 25/tcp open smtp Exim smtpd 4.69
> 111/tcp open rpcbind
> 113/tcp open ident
> 832/tcp open unknown
> 8118/tcp open privoxy?
> 1 service unrecognized despite returning data. If you know the
> service/version, please submit the following fingerprint at
<snip>
> the fingerprint above appears that the port 832/tcp is related to privoxy
> however when I kill privoxy and repeat the scan only 8118/tcp port(clearly
> identified by nmap as privoxy stuff) closes.So what port is that not
> identified by nmap?I do not think it is a backdoor or so as I record all my
> Internet traffic(tcpdump) and run 2 IDSs and none reports problems.
> My system was freshly installed with all cautions:checking sigs md5sums
> etc..
First of all: port scans on localhost are never, ever going to confirm or deny
the presence of a backdoor. The localhost interface only allows communication
between a shell and a service running on the *same computer*. Anyone able to
exploit a localhost service would have already owned your machine some other
way.
Second, netstat is the command that should help you determine definitively
which service is listening on 832.
Lee
--
Lee Glidewell | PGP key: D5D686A7
lee.glidewell@gmail.com |
Reply to: