Jump to content

Why are ports open on localhost and the internal IP?


bongo_bongo
 Share

Recommended Posts

I used nmap to scan my internal (192.168.1.101) IP and also localhost (127.0.0.1). The majority of ports that are open are open either on localhost or the internal IP while a few were open on both.

1. I've never been able to understand the relationship between localhost and the internal IP. Can someone please explain it?

2. In the context of ports, what does it mean for a port to be open on localhost? I suppose that a port open on 192.168.1.101 means that it's used by a program that's running on that machine. Why would a program e.g. SSH (see below) have ports open on both localhost and the internal IP?

Thanks - I really find this topic quite confusing!

Results of nmap scan on Ubuntu machine:

127.0.0.1

25/tcp    open  smtp

631/tcp   open  ipp (internet printing protocol - used for CUPS)

1194/tcp  open  openvpn

7396/tcp  open  Folding@Home (https://folding.stanford.edu/) web interface

9050/tcp  open  tor-socks

36330/tcp open  Folding@Home (https://folding.stanford.edu/) client

41466/tcp open  unknown

50000/tcp open  SSH (non-standard port)

68/udp    open|filtered dhcpc

631/udp   open|filtered ipp

5353/udp  open|filtered zeroconf

17535/udp open|filtered unknown

47322/udp open|filtered unknown


192.168.1.101

7396/tcp  open  Folding@Home (https://folding.stanford.edu/) web interface

36330/tcp open  Folding@Home (https://folding.stanford.edu/) client

50000/tcp open  SSH (non-standard port)

68/udp    open|filtered dhcpc

631/udp   open|filtered ipp

5353/udp  open|filtered zeroconf

15904/udp open|filtered unknown

35519/udp open|filtered unknown

49513/udp open|filtered unknown

 

Link to comment
Share on other sites

netstat -antplu for both tcp and udp listeners on linux, and netstat -anbt on windows will show all ports tcp and udp as well as listeners and the associated programs.

 

thing to understand is 127.0.0.1 and localhost, are internal listeners, and 0.0.0.0 will accept requests from the web or both local and external to the machine. If you have a service running/listening on 127.0.0.1 only, you can only access it form the localhost, and not via the web without tunneling or forwarding it back to someone outside the machine. Example, web servers with internal database servers or an internal ftp server that only accepts connections from the same machine(why, I don't know, but some CTF's I've done, the flags were hidden on an internal FTP server).

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...