Thanks for all the input!
bubylou, abyrne: Good advice on changing the port #. Am thinking of perhaps using port knocking. I suspect that denyhosts plus a strong password, which I have, are pretty good but changing the port should help.
CharlesA: Yup, I should get into ufw.
Dangertux: Thanks! I found your security discussions on UFW and will follow the directions there. Still, would like to figure out how much of a risk I have been running first--maybe I should reinstall the system.
I nmap'ed from outside my LAN and I see the same IP addresses open as from inside. I'm using:
nmap -sT MyIpaddress
As for firewall rules, firestarter is GUI, so there isn't a lot of code I could paste here (unless there's some way of using the terminal to generate a list). The Policy is to "Allow connections from host"--no one. "Allow service"--port 22 and that port 6k I mentioned (until I shut it yesterday). My understanding is that firestarter shuts all incoming traffic unless it is specifically allowed. That's why I'm puzzled that nmap shows 15 ports open (and not even 'filtered'), though I can't tell whether there's really anything responding on these ports, except SSH.
If I understand you correctly, then I may not have a problem with my WOL port. I opened a port to experiment with wakeonlan, but did not, to my recollection, install any kind of listening software yet. If I understand you, the problem isn't open ports but open ports + exploitable listening software?
I've attached a file w/ output from nmap (run from another machine outside my lan; run from on my machine it only shows the 1st two ports open--also confusing) as well as netstat -anlp, which it sounded like you wanted to see (it's pdf--the forum wouldn't let me upload a text file this size). Should be a pretty standard implementation for Oneiric--which also surprises me--why would they have so many ports open by default?
Thanks again for such a terrific set of responses!
Added the list of services/netstat results ~ CharlesA
Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-10 12:43 EDT
Interesting ports on :
Not shown: 983 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
119/tcp  open  nntp
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
563/tcp  open  snews
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3128/tcp open  squid-http
8008/tcp open  http
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap
8888/tcp open  sun-answerbook
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address      State        PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*            LISTEN       915/sshd
tcp        0      0 127.0.0.1:631      0.0.0.0:*            LISTEN       1106/cupsd
tcp        0      0 0.0.0.0:25         0.0.0.0:*            LISTEN       1536/master
tcp        1      0 myIPaddress:53574  18.104.22.168:80     CLOSE_WAIT   2367/gweather-apple
tcp        0      0 myIPaddress:40753  22.214.171.124:443   ESTABLISHED  13930/firefox
tcp        0      0 myIPaddress:56835  126.96.36.199:443    ESTABLISHED  13930/firefox
tcp6       0      0 :::22              :::*                 LISTEN       915/sshd
tcp6       0      0 ::1:631            :::*                 LISTEN       1106/cupsd
tcp6       0      0 127.0.0.1:39973    :::*                 LISTEN       5822/java
udp        0      0 0.0.0.0:68         0.0.0.0:*                         4847/dhclient
udp        0      0 0.0.0.0:41531      0.0.0.0:*                         938/avahi-daemon: r
udp        0      0 0.0.0.0:5353       0.0.0.0:*                         938/avahi-daemon: r
udp6       0      0 :::5353            :::*                              938/avahi-daemon: r
udp6       0      0 :::47852           :::*                              938/avahi-daemon: r
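
An added example, not part of the original post: one way to line up an external nmap result against the host's own netstat listing, so that each port nmap calls open is either matched to a local daemon listening on a non-loopback address or flagged as having no matching listener. The function names are hypothetical and the sample input is constructed, abridged from the two listings above.

```python
import re

# Constructed sample input, abridged from the nmap and netstat listings in the post.
NMAP = """\
22/tcp open ssh
25/tcp open smtp
80/tcp open http
3128/tcp open squid-http
"""
NETSTAT = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 915/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1106/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1536/master
tcp6 0 0 :::22 :::* LISTEN 915/sshd
tcp6 0 0 127.0.0.1:39973 :::* LISTEN 5822/java
"""
LOOPBACK = ("127.", "::1")  # address prefixes that are not reachable from outside

def nmap_open_tcp(text):
    """Return the set of TCP ports nmap reported as open."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s+open\b", text, re.M)}

def tcp_listeners(text):
    """Map port -> (program, reachable) for TCP sockets in LISTEN state."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")  # rpartition copes with IPv6 colons
        reachable = not addr.startswith(LOOPBACK)
        prev = out.get(int(port))
        out[int(port)] = (f[6].split("/", 1)[-1], reachable or bool(prev and prev[1]))
    return out

def compare(nmap_text, netstat_text):
    """Return (exposed daemons, scanned ports with no listener, loopback-only ports)."""
    scanned, listening = nmap_open_tcp(nmap_text), tcp_listeners(netstat_text)
    exposed = {p: listening[p][0] for p in scanned if p in listening and listening[p][1]}
    unexplained = sorted(p for p in scanned if p not in exposed)
    local_only = sorted(p for p, (_, r) in listening.items() if not r)
    return exposed, unexplained, local_only

if __name__ == "__main__":
    exposed, unexplained, local_only = compare(NMAP, NETSTAT)
    print("open and backed by a local daemon:", exposed)
    print("open in scan, no local listener:  ", unexplained)
    print("listening on loopback only:       ", local_only)
```

The script only reports the mismatch; it does not say what is answering on the ports that have no local listener.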