Are the following open ports a danger?

Rick Stevens rstevens at vitalstream.com
Mon Aug 9 16:03:05 UTC 2004


Graeme Nichols wrote:
> Hello Folks, I have just become aware of a utility, nmap, to discover
> open ports on my system. The output of the run is as follows:-
> 
> [graeme at barney graeme]$ sudo nmap -sS -O barney
>  
> Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-09 13:07
> EST
> Interesting ports on barney.localdomain (192.168.1.1):
> (The 1637 ports scanned but not shown below are in state: closed)
> PORT      STATE SERVICE
> 1/tcp     open  tcpmux
> 11/tcp    open  systat
> 15/tcp    open  netstat
> 22/tcp    open  ssh
> 111/tcp   open  rpcbind
> 143/tcp   open  imap
> 540/tcp   open  uucp
> 635/tcp   open  unknown
> 1024/tcp  open  kdm
> 1080/tcp  open  socks
> 1524/tcp  open  ingreslock
> 2000/tcp  open  callbook
> 6667/tcp  open  irc
> 10000/tcp open  snet-sensor-mgmt
> 12345/tcp open  NetBus
> 12346/tcp open  NetBus
> 31337/tcp open  Elite
> 32771/tcp open  sometimes-rpc5
> 32772/tcp open  sometimes-rpc7
> 32773/tcp open  sometimes-rpc9
> 32774/tcp open  sometimes-rpc11
> 54320/tcp open  bo2k
> Device type: general purpose
> Running: Linux 2.4.X|2.5.X
> OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> Uptime 0.056 days (since Mon Aug  9 11:47:15 2004)
>  
> Nmap run completed -- 1 IP address (1 host up) scanned in 6.560 seconds
> 
> Are any of the above open ports posing a danger that I should close?

NONE of these should be available outside your network except the ones
you really want others to access.  The most dangerous ones are kdm,
systat, netstat, tcpmux, all of the RPC ones, uucp, ingreslock,
callbook, IRC (oh man! shut that one down NOW!), NetBus, and Elite.

For my systems, I only have ssh open from the outside.

> My apologies for a dumb question but iptables is not my forte I'm
> afraid. BTW, nmap got my system wrong, it's FC2 on kernel 2.6.6

It looks at the ports that are open, probes some of them and makes its
guess based on the responses.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-                   "The bogosity meter just pegged."                -
----------------------------------------------------------------------
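
An added example, not part of the original post: one way to turn the advice above into a repeatable check is to parse the nmap port table and report every open port that is not on an allowlist. The ssh-only allowlist mirrors the reply's own setup; the function names and the sample rows (including the filtered 8080 row) are constructed for illustration.

```python
import re

# Constructed sample in the layout of the nmap 3.50 table quoted above.
SAMPLE = """\
Interesting ports on barney.localdomain (192.168.1.1):
(The 1637 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
6667/tcp  open  irc
12345/tcp open  NetBus
8080/tcp  filtered http-proxy
Device type: general purpose
"""

# One table row: port/proto, state, service. An optional leading ">" lets
# output pasted from a quoted e-mail be checked as well.
ROW = re.compile(r"^\s*(?:>\s*)?(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")


def parse_ports(text):
    """Return (port, proto, state, service) for each row of the port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and 0 < int(m.group(1)) <= 65535:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def unexpected_open(text, allowed):
    """Return open ports whose (port, proto) pair is not in the allowlist."""
    return [(port, proto, service)
            for port, proto, state, service in parse_ports(text)
            if state == "open" and (port, proto) not in allowed]


# Assumption: ssh is the only service meant to be reachable from outside.
ALLOWED = {(22, "tcp")}

if __name__ == "__main__":
    for port, proto, service in unexpected_open(SAMPLE, ALLOWED):
        print(f"unexpected open port: {port}/{proto} ({service})")
```

Run the scan from a host outside the network so the table reflects what the firewall actually exposes, then feed that output to `unexpected_open`.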





More information about the Redhat-install-list mailing list