begin quote On Thu, 13 Mar 2003 22:40:25 +0800 Pius Lee <[EMAIL PROTECTED]> wrote:
use "lsof -i" instead of nmap and you can know what it is that does what, instead of knowing something is open. but, "fam" (file alteration monitor) speeds up the listing of files + updates of them if you have KDE or Gnome, and that in turn starts Portmap (the sunrpc client) //Spider > Hi, I recently used nmap to portscan my machine from another pc and > found that i've got the following ports open: > > 22 (ssh) > 25 (smtp) > 113 (pop-3) > > Now, I'm very sure that I only started the sshd daemon and I DON'T > even have an smtp/pop3/any kind of mail server installed. Running > "netstat -l -p --inet" gives: > > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address > State PID/Program name > tcp 0 0 *:sunrpc *:* > LISTEN 5168/portmap > tcp 0 0 localhost:731 *:* > LISTEN 5219/fam > udp 0 0 *:sunrpc *:* > 5168/portmap > tcp 0 0 *:ssh *:* > LISTEN 6564/sshd > > > I don't see port 25 or 113 open, but why does nmap list them as so? > Blocking the ports with iptables would probably solve the problem, but > > to get to the root of it, would tracking the daemons responsible for > opening them be a better solution? How should I go about doing it > then? > -- begin .signature This is a .signature virus! Please copy me into your .signature! See Microsoft KB Article Q265230 for more information. end
pgp00000.pgp
Description: PGP signature
