FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Possible security risk? NMAP detects open port





rhathar
This is a rather newb-ish question, but when running nmap on my linux/Ubuntu box, I came up with the following printout:

Quote:

rhathar@rhathar-desktop:~$ sudo nmap -v -sT localhost
Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2007-01-18 14:05 PST
Initiating Connect() Scan against localhost (127.0.0.1) [1679 ports] at 14:05
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 1375/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
The Connect() Scan took 0.07s to scan 1679 total ports.
Host localhost (127.0.0.1) appears to be up ... good.
Interesting ports on localhost (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
631/tcp open ipp
1375/tcp open bytex

Nmap finished: 1 IP address (1 host up) scanned in 0.093 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)



and

Quote:

rhathar@rhathar-desktop:~$ sudo nmap -v -sT 192.168.1.100
Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2007-01-18 14:06 PST
DNS resolution of 1 IPs took 0.03s.
Initiating Connect() Scan against 192.168.1.100 [1679 ports] at 14:06
Discovered open port 22/tcp on 192.168.1.100
Discovered open port 80/tcp on 192.168.1.100
Discovered open port 1375/tcp on 192.168.1.100
The Connect() Scan took 0.07s to scan 1679 total ports.
Host 192.168.1.100 appears to be up ... good.
Interesting ports on 192.168.1.100:
Not shown: 1676 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1375/tcp open bytex

Nmap finished: 1 IP address (1 host up) scanned in 0.115 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)


Both are scans of my computer, but as you can see the scan that included localhost instead of my network address picked up
Quote:
631/tcp open ipp


Is this a risk? I found some information at http://www.seifried.org/security/ports/0/631.html that suggests it's merely a printing protocol. However... why would a printing protocol be listening on a port?

Thank you to whoever can answer this question. I'd like to assume it's harmless, but I've learned that 'assuming' something is safe with computers is never a good idea.

PS: The other three ports are run by trusted processes.
MrBlueSky
rhathar wrote:


Is this a risk? I found some information at http://www.seifried.org/security/ports/0/631.html that suggests it's merely a printing protocol. However... why would a printing protocol be listening on a port?



Because it supports internet-access. It is a protocol used by CUPS and it enables you to send print-jobs over the network to the computer to which your printer is connected. By default it only accept local connections. You don't have to worry about this port, but if you want to be sure you can turn it off.
rhathar
Thanks for the info! It's good to know about accepting only local requests. I think I'll leave it open for now.

Any idea how I could go about having another computer on my network (Windows and Mac) access it?
Related topics
I'm still a noobie at home networks, please help...
Wanting a PHP input security script: up to 1200frih$!
help: some function php is off
A "small" list of free apps
Prevention, detection, and cure: 12 free security programs
secrets of firefox
The justification for war
Still Using Internet Explorer?? Why? It's just... stupid
Opening port 8080
How to webhost?
Urban Legends About the Iraq War
Question
Problem with avatar in pbgpBB >>> read/write permis
Avoid automatically sending Virus from Your Mail ID
Reply to topic    Frihost Forum Index -> Computers -> Software

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.