On Wednesday 02 July 2008 01:27:19 pm Luis Maceira wrote: > I recently installed Lenny(testing) and I have very few software > installed,yet. I did a nmap scan which showed this: > > Interesting ports on localhost (127.0.0.1): > Not shown: 1710 closed ports > PORT STATE SERVICE VERSION > 25/tcp open smtp Exim smtpd 4.69 > 111/tcp open rpcbind > 113/tcp open ident > 832/tcp open unknown > 8118/tcp open privoxy? > 1 service unrecognized despite returning data. If you know the > service/version, please submit the following fingerprint at <snip> > the fingerprint above appears that the port 832/tcp is related to privoxy > however when I kill privoxy and repeat the scan only 8118/tcp port(clearly > identified by nmap as privoxy stuff) closes.So what port is that not > identified by nmap?I do not think it is a backdoor or so as I record all my > Internet traffic(tcpdump) and run 2 IDSs and none reports problems. > My system was freshly installed with all cautions:checking sigs md5sums > etc.. First of all: port scans on localhost are never, ever going to confirm or deny the presence of a backdoor. The localhost interface only allows communication between a shell and a service running on the *same computer*. Anyone able to exploit a localhost service would have already owned your machine some other way.
Second, netstat is the command that should help you determine definitively which service is listening on 832. Lee -- Lee Glidewell | PGP key: D5D686A7 [EMAIL PROTECTED] | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
