This is a rather newb-ish question, but when running nmap on my linux/Ubuntu box, I came up with the following printout:
and
Both are scans of my computer, but as you can see the scan that included localhost instead of my network address picked up
Is this a risk? I found some information at http://www.seifried.org/security/ports/0/631.html that suggests it's merely a printing protocol. However... why would a printing protocol be listening on a port?
Thank you to whoever can answer this question. I'd like to assume it's harmless, but I've learned that 'assuming' something is safe with computers is never a good idea.
PS: The other three ports are run by trusted processes.
| Quote: |
|
rhathar@rhathar-desktop:~$ sudo nmap -v -sT localhost Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2007-01-18 14:05 PST Initiating Connect() Scan against localhost (127.0.0.1) [1679 ports] at 14:05 Discovered open port 80/tcp on 127.0.0.1 Discovered open port 22/tcp on 127.0.0.1 Discovered open port 1375/tcp on 127.0.0.1 Discovered open port 631/tcp on 127.0.0.1 The Connect() Scan took 0.07s to scan 1679 total ports. Host localhost (127.0.0.1) appears to be up ... good. Interesting ports on localhost (127.0.0.1): Not shown: 1675 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 631/tcp open ipp 1375/tcp open bytex Nmap finished: 1 IP address (1 host up) scanned in 0.093 seconds Raw packets sent: 0 (0B) | Rcvd: 0 (0B) |
and
| Quote: |
|
rhathar@rhathar-desktop:~$ sudo nmap -v -sT 192.168.1.100 Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2007-01-18 14:06 PST DNS resolution of 1 IPs took 0.03s. Initiating Connect() Scan against 192.168.1.100 [1679 ports] at 14:06 Discovered open port 22/tcp on 192.168.1.100 Discovered open port 80/tcp on 192.168.1.100 Discovered open port 1375/tcp on 192.168.1.100 The Connect() Scan took 0.07s to scan 1679 total ports. Host 192.168.1.100 appears to be up ... good. Interesting ports on 192.168.1.100: Not shown: 1676 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 1375/tcp open bytex Nmap finished: 1 IP address (1 host up) scanned in 0.115 seconds Raw packets sent: 0 (0B) | Rcvd: 0 (0B) |
Both are scans of my computer, but as you can see the scan that included localhost instead of my network address picked up
| Quote: |
| 631/tcp open ipp |
Is this a risk? I found some information at http://www.seifried.org/security/ports/0/631.html that suggests it's merely a printing protocol. However... why would a printing protocol be listening on a port?
Thank you to whoever can answer this question. I'd like to assume it's harmless, but I've learned that 'assuming' something is safe with computers is never a good idea.
PS: The other three ports are run by trusted processes.
