
Re: Other Open Ports



Charles Kroeger wrote:
> PORT     STATE SERVICE
> 25/tcp   open  smtp
> 53/tcp   open  domain
> 111/tcp  open  rpcbind
> 631/tcp  open  ipp
> 6566/tcp open  sane-port

That seems pretty reasonable.  Except if you aren't using NFS and
don't need the portmapper (rpcbind) then I would uninstall it.

> 0/tcp  closed unknown
> 1/tcp  closed tcpmux
> 2/tcp  closed compressnet
> 3/tcp  closed compressnet
> 4/tcp  closed unknown
> 5/tcp  closed unknown
> 6/tcp  closed unknown
> 7/tcp  closed echo
> 8/tcp  closed unknown
> 9/tcp  closed discard
> 10/tcp closed unknown

So you definitely know that they are not open to the world.

> I would think this means that the grc.com port probe tool is correct
> in reporting port zero and 1 are closed,

Yes, but if your firewall is blocking then nmap should show it as
"filtered".  For example here is my system from the outside world.

  PORT   STATE    SERVICE
  0/tcp  filtered unknown
  1/tcp  filtered tcpmux
  2/tcp  filtered compressnet
  3/tcp  filtered compressnet
  4/tcp  filtered unknown
  5/tcp  filtered unknown
  6/tcp  filtered unknown
  7/tcp  filtered echo
  8/tcp  filtered unknown
  9/tcp  filtered discard
  10/tcp filtered unknown

> but I wonder why the other 990 odd do not respond to the probe so
> appear invisible to the grc.com probe but port zero and port 1
> reveal themselves as being closed. If these two ports are closed,
> why do they even respond to the grc.com ping? It is as if they are
> waiting for the Open Sesame.

I did give that advice too quickly.  Hitting your local host will
bypass the firewall.  You would need to probe your system from a
different remote system.  Do you have another system you can use to
poke back at yours from the outside?  If not, email me privately your
IP address and promise not to hold it against me and I will portscan
your system from the outside.

The difference between closed and filtered as reported by nmap is the
difference between reject and drop in firewall rules.  If it truly is
being reported as closed then the firewall is rejecting the packets
and not dropping them.

Bob
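
The closed/filtered distinction described in the message above, as an added example that is not part of the original post: a TCP connect check that maps what comes back to the nmap-style state names. The function names `classify` and `probe` are illustrative, and the loopback listener in the demo is constructed for the example.

```python
import errno
import socket

# Connection actively refused: typically a TCP RST from the host itself
# (nothing listening) or from a firewall rule that rejects.
REFUSED = {errno.ECONNREFUSED}
# No usable answer: packets silently dropped, or an ICMP unreachable error.
NO_ANSWER = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(err):
    """Map a connect() outcome to an nmap-style state.

    err is None on success, the string "timeout", or an errno integer.
    """
    if err is None:
        return "open"
    if err in REFUSED:
        return "closed"
    if err == "timeout" or err in NO_ANSWER:
        return "filtered"
    return "unknown"


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and report the resulting port state."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except socket.timeout:
        return classify("timeout")      # nothing came back: dropped
    except OSError as e:
        return classify(e.errno)        # refused or unreachable
    finally:
        s.close()


if __name__ == "__main__":
    # Constructed demo on loopback: one listening port, one unused port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    unused_port = tmp.getsockname()[1]
    tmp.close()
    print(open_port, probe("127.0.0.1", open_port))
    print(unused_port, probe("127.0.0.1", unused_port))
    srv.close()
```

Run against your own address from a second machine, a port behind a dropping firewall rule times out and is reported as filtered, while a refused connection is reported as closed. Run on the host itself, the check goes over loopback and does not exercise the firewall.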
