I am a newbie at linux security, could use some mentoring on a basic
question-- what do some of the open ports (services) below (from running
nmap) belong to (i.e are they valid or should they be closed somehow and if
so HOW?). I understand ssh and ipp, but I have no idea what sunrpc,
hp-alarm-mgr, unknown (self explanatory I guess, but should it be kept
open?), and snet-sensor-mgmt are. This is a home office PC with a LAN and
Linksys router. Running Mandrake Linux 9.2 I do use SSH so I want that
open.

Related to this, if a port like 22 must be open for SSH, wouldn't a cracker
know to use that port, what would stop a cracker from getting in through
that or any other open port?

# nmap localhost
Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2005-07-17 16:55 CDT
Interesting ports on localhost (127.0.0.1):
(The 1638 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
631/tcp open ipp
783/tcp open hp-alarm-mgr
826/tcp open unknown
10000/tcp open snet-sensor-mgmt
Nmap run completed -- 1 IP address (1 host up) scanned in 0.340 seconds