Score:0

Localhost port scanning report


I just enabled my firewall

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

After scanning my localhost

$ sudo nmap -sS -sV -Pn localhost -p 0-6553

I got a result
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-25 21:34 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000015s latency).
Not shown: 6551 closed ports

PORT     STATE SERVICE     VERSION
631/tcp  open  ipp         CUPS 2.3
6341/tcp open  unknown
6342/tcp open  ssl/unknown

2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service

My doubt is that I have not written any rule in Firewall. According to NMAP scan, 3 ports are open. I want to know the meaning of the port itself.

Thank you.

user68186 is not wrong, this is a scan of the local system and IS relevant to your output here. I will detail what this means if you will do me a favor and also include the output of `sudo ss -tulpn` as well as an edit to your question as it will have more detail than `nmap` will and will help ID services.
Score:0

So, allow me to give you some insight into what you see here.

Most importantly, you are scanning 127.0.0.1 - this is local services or services listening on all IPs. MANY services such as printing, etc. rely on internal listeners that can only be accessed from localhost in order to function - CUPS included (that's your print system).

You have three services that're visible on the localhost address - CUPS (the print polling system) on tcp/631 is well known and seen by NMAP. That's normal.

"Service Unknown" is dependent on a signature being made for each service in NMAP's services mapping file. While 631 is assigned by IANA to CUPS and ipp, the ports 6327 through 6342 are not assigned by IANA, and therefore do not have a services file entry in NMAP's known services. It was able to identify 6342 as SSL but not a specific service.

This is where my comment to you asking you to run `sudo ss -tulpn` and then include that output in your question will help yield information. Unlike `nmap`, `ss` will actually list what programs/daemons are using those ports that're being listened on. This will help to ID the 'unidentified services' being listened to on your system. It has nothing to do with UFW or your rules there, because a search on localhost runs on the loopback `lo` interface which is ALWAYS open for local computer communication to itself, and not something to be worried about in an nmap scan so long as you have the firewall enabled and disable external connections by default (this is the default in UFW).
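An added example (not part of the original answer): a shell function that reads `ss -tulpn` output and labels each listening socket as loopback-only or bound to all interfaces, together with the owning process. The sample lines are constructed, and `example-agent` is a hypothetical process name, since the thread never shows what owns ports 6341 and 6342.

```shell
#!/bin/sh
# Classify listeners from `ss -tulpn` output read on stdin.
# Prints: <port>/<proto> <scope> <process>
classify_listeners() {
    awk '$1 == "tcp" || $1 == "udp" {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop interface suffix such as %lo
        proc = "unknown"                       # ss hides owners without root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback-only"            # reachable only from this host
        else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            scope = "all-interfaces"           # covered by the firewall default policy
        else
            scope = "specific-address"
        printf "%s/%s %s %s\n", port, $1, scope, proc
    }'
}

# Constructed sample input, not taken from the system in the question.
sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128        127.0.0.1:631       0.0.0.0:*     users:(("cupsd",pid=812,fd=7))
tcp   LISTEN 0      128            [::1]:631          [::]:*     users:(("cupsd",pid=812,fd=6))
tcp   LISTEN 0      50         127.0.0.1:6341      0.0.0.0:*     users:(("example-agent",pid=1500,fd=20))
tcp   LISTEN 0      50         127.0.0.1:6342      0.0.0.0:*     users:(("example-agent",pid=1500,fd=21))
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*     users:(("avahi-daemon",pid=700,fd=12))
tcp   LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*
EOF
}

sample_ss | classify_listeners
```

On a real system, pipe the live output instead: `sudo ss -tulpn | classify_listeners`. Only the `all-interfaces` and `specific-address` rows are the ones an external host could reach if the firewall allowed it.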

Thomas Ward Thank you very much