Hi
I've tried to do my research as best I can but am getting nowhere with my issue so I hoping some of you experts can help please?
I recently installed Xubuntu 9.10 and used Zenmap to test my security. I have UFW enabled with a default policy DENY: which I believe blocks all incoming but not outgoing.
On a "regular" (Zenmap / Nmap 5.00) scan it shows all 1000 ports closed. Which I am quite happy with. However when a "Slow comprehensive scan" is raised against my IP it shows the following...
The Slow comprehensive scan =
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all (my IP address)
PORT STATE SERVICE VERSION
5353/udp open|filtered zeroconf
Too many fingerprints match this host to give specific OS details.
I researched the port and came up with lots of things about zeroconf, avahi-daemon and disabling ports etc....So far I have tried:
Adding a UFW rule to deny udp and tcp in and out on port 5353.
Removed avahi-autoipd and libnss-mdns.
Disabled my un-used interface eth0 (I need "lo" open otherwise it won't run the nmap scan)
Disabled my (un-used) wireless card at startup with "gksu gedit /etc/modprobe.d/blacklist" and "blacklist ipw2200"
Tested the live cd of Xubuntu 9.10 with a Zenmap install (incase I had installed something to create the problem)...
Despite everything I try it still shows this in the scan??
I do use an "hso0" 3G mobile device for internet on my laptop and wonder if this is the root of the problem?
If anyone could please suggest a remedy it would be a huge help!!
Bookmarks