is back orifice a possibility on a linux box?


neotrace
07-15-2001, 04:07 AM
I was testing a new port scanner and noticed that the last four ports don't really need to be there, LOL. I scanned my Windows box and the internal network connection and the four "bad" ports didn't show up (only on the external connection of my Red Hat 7.1 box). How can I close these or get rid of these problems? Are there any good virus scanners for Linux?

Open Ports: 6
No More Details Available

Filtered Ports: 6
No More Details Available

Closed Ports: 1324 - Closed Ports will not be shown
No More Details Available

21: FTP - File Transfer Protocol [Control]
Detected Protocol: FTP
Port State: Open

22: SSH - SSH (Secure Shell) Remote Login Protocol
Port State: Open
Version: SSH-1.99-OpenSSH_2.5.2p2

80: WWW-HTTP - World Wide Web HTTP (Hyper Text Transfer Protocol)
Detected Protocol: HTTP
Port State: Open
Version: APACHE/1.3.20 (UNIX) PHP/4.0.5 MOD_FASTCGI/2.2.10

111: SUNRPC - SUN Remote Procedure Call
Port State: Open

113: IDENT - Authentication Service - FILTERED
Port State: Filtered

139: NETBIOS-SSN - NETBIOS Session Service
Port State: Open

554: RTSP - Real Time Stream Control Protocol
Port State: Open

1524: INGRESLOCK - ingres - FILTERED
Port State: Filtered

12345: NB - NetBus - FILTERED
Port State: Filtered

12346: GabanBus - FILTERED
Port State: Filtered

27665: TRINOO_MASTER - Trinoo Attack Tool - FILTERED
Port State: Filtered

31337: BO - BackOrifice - FILTERED
Port State: Filtered

Keyser Soze
07-15-2001, 06:01 AM
Are you by chance running portsentry?

neotrace
07-15-2001, 02:14 PM
I don't believe so, or at least I never installed such a thing. The other problem is not just Back Orifice but the other three ports are also open? I've been looking everywhere for removers, but most of them are for Windows!

Strike
07-15-2001, 03:50 PM
You are probably running portsentry. Do a ps ax | grep portsentry. That's the only thing I know of that will open those ports (note that they are filtered and not open).
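The "filtered and not open" distinction above can be checked on the box itself by looking for local listening sockets on the flagged ports. The following is an added example, not part of the original thread: the function names and the embedded sample table are constructed for illustration, and it reads only the IPv4 table in /proc/net/tcp.

```python
import os

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Ports the scan in this thread reported as FILTERED.
FLAGGED = {1524: "ingreslock", 12345: "NetBus", 12346: "GabanBus",
           27665: "Trinoo master", 31337: "Back Orifice"}

# Constructed sample in /proc/net/tcp layout: listeners on 21, 22 and 80, plus
# one established SSH session whose *remote* port happens to be 31337 (0x7A69).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203
   3: 0A00000A:0016 0B00000A:7A69 01 00000000:00000000 00:00000000 00000000     0        0 1204
"""


def listening_ports(table):
    """Return the set of local TCP ports that are in LISTEN state."""
    ports = set()
    for line in table.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # skip blanks and non-listening sockets
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports


def check_flagged(table, flagged=FLAGGED):
    """Map each flagged port to True if a local socket is listening on it."""
    listening = listening_ports(table)
    return {port: port in listening for port in flagged}


if __name__ == "__main__":
    # Read the live IPv4 table on Linux; fall back to the constructed sample.
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE
    for port, found in sorted(check_flagged(table).items()):
        verdict = "LISTENER PRESENT, identify the process" if found else "no listener"
        print(f"{port:>5} {FLAGGED[port]:<14} {verdict}")
```

A port that a scanner reports as filtered while no local socket is listening on it points to a packet-filter rule rather than a running service.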

bdl
07-15-2001, 05:39 PM
More than likely you're running portsentry, as the other posts suggest. Canned firewall scripts like PMfirewall can also do this. A point I want to make is this: don't scan your own box from within your own network. Doing so will also give you false positives on scanners and leave you searching in vain for ports that really aren't there. You'll have to scan the box from without; only doing so will give you an accurate representation of what's really open.

Rob 'Feztaa' Park
07-15-2001, 08:28 PM
Just a question about that - I don't have access to a machine other than my own that has port scanning software installed. Do you have any suggestions for how I can portscan myself? Something like shieldsup.grc.com, but for more ports than just the common ones, perhaps?

neotrace
07-15-2001, 09:30 PM
OK, I ran the command you specified. I am running pmfirewall! I'd like to make my own firewall that would only allow HTTP and FTP access and masquerade the internet connection for my other PCs. Is there an easy way to do this? All of the tutorials I read overwhelm me as far as firewalls go.

Keyser Soze
07-16-2001, 03:47 AM
I would suggest leaving it then; pmfirewall is pretty good. If you will communicate with me via private email I will portscan you, but only after I am sure that you are the owner of the box. I will need to do a lookup on you prior and I will email you the results if you like. If you are behind a hardware firewall I wouldn't be overly worried (I said overly), but pm is good, as are several others. Leave them in place while you do research to make up your own rulesets and such.