This is a discussion on NMAP QUESTION within the Linux Security forums, part of the System Security and Security Related category.
hello newbie here to linux.

I have two questions:

1. I ran nmap localhost on my linux system (Fedora Core2) and got the following:

    [root@dev root]$ nmap dev

    Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-06-22 10:18 EDT
    Interesting ports on dev (127.0.0.1):
    (The 1650 ports scanned but not shown below are in state: closed)
    PORT      STATE SERVICE
    21/tcp    open  ftp
    25/tcp    open  smtp
    80/tcp    open  http
    111/tcp   open  rpcbind
    873/tcp   open  rsync
    5801/tcp  open  vnc-http-1
    5901/tcp  open  vnc-1
    6001/tcp  open  X11:1
    8081/tcp  open  blackice-icecap
    32770/tcp open  sometimes-rpc3

    Nmap run completed -- 1 IP address (1 host up) scanned in 1.181 seconds
    [root@dev root]$

What is blackice-icecap?? Is this the default firewall with Fedora? IPTABLES/Netfilter? Where can I find this on my system?

2. After running an nmap scan against my system I get the following results:

    TCP Sequence Prediction: Class=random positive increments
                             Difficulty=3453555 (Good luck!)
    TCP ISN Seq. Numbers: A27DF379 A2CE22B0 A24361C6 A1E5AC5A A26CCB76
    IPID Sequence Generation: All zeros

The IPID Sequence is all zeros. From my initial research I've done on google I've read that this is a problem with my linux kernel. Is this correct? Updating my kernel is fix this. Is this a problem? What are the consequences of this being all zeros?

Thanks for any links and advice.
> [root@dev root]$ nmap dev
>
> Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-06-22
> 10:18 EDT
> Interesting ports on dev (127.0.0.1):
> (The 1650 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 21/tcp open ftp
> 25/tcp open smtp
> 80/tcp open http
> 111/tcp open rpcbind
> 873/tcp open rsync
> 5801/tcp open vnc-http-1
> 5901/tcp open vnc-1
> 6001/tcp open X11:1
> 8081/tcp open blackice-icecap
> 32770/tcp open sometimes-rpc3
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 1.181
> seconds
> [root@dev root]$
>
> What is blackice-icecap?? Is this the default firewall with Fedora?
> IPTABLES/Netfilter? Where can I find this on my system?

    netstat -apn -A inet | grep :8081

if you run it as root, will show you the process name and PID of the process that's listening on 8081.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"
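Added example, not part of the thread: nmap 3.50 run without `-sV` takes the SERVICE column from its port-number table, so the script below joins a few port rows from the scan above with `netstat -apn -A inet` output to show the real owner and bind address of each listener. The netstat lines (PIDs, program names, addresses) are constructed samples, and the function names `join_scan` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example. The SERVICE name in the scan is a table lookup on the port
# number; netstat run as root shows which process actually owns the socket
# and which address it is bound to.

# join_scan NMAP_FILE NETSTAT_FILE
# Prints one line per open port: port  nmap-table-name  pid/program  bind-scope
join_scan() {
    awk '
        NR == FNR {                      # first file: netstat -apn -A inet
            if ($1 == "tcp" && $6 == "LISTEN") {
                n = split($4, a, ":")    # local address is ADDR:PORT
                owner[a[n]] = $7
                if (a[1] ~ /^127\./)        bind[a[n]] = "loopback-only"
                else if (a[1] == "0.0.0.0") bind[a[n]] = "all-interfaces"
                else                        bind[a[n]] = a[1]
            }
            next
        }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {   # second file: nmap port rows
            split($1, p, "/")
            who   = (p[1] in owner) ? owner[p[1]] : "no-listener-seen"
            where = (p[1] in bind)  ? bind[p[1]]  : "-"
            print p[1], $3, who, where
        }
    ' "$2" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Port rows copied from the scan in the thread (subset).
    cat > "$dir/nmap.txt" <<'EOF'
PORT      STATE SERVICE
25/tcp    open  smtp
80/tcp    open  http
8081/tcp  open  blackice-icecap
EOF
    # Constructed netstat output: PIDs and program names are invented samples.
    cat > "$dir/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State       PID/Program name
tcp        0      0 127.0.0.1:25    0.0.0.0:*        LISTEN      1890/sendmail
tcp        0      0 0.0.0.0:80      0.0.0.0:*        LISTEN      2050/httpd
tcp        0      0 0.0.0.0:8081    0.0.0.0:*        LISTEN      2211/example-daemon
tcp        0      0 10.0.0.5:80     10.0.0.9:40112   ESTABLISHED 2050/httpd
EOF
    join_scan "$dir/nmap.txt" "$dir/netstat.txt"
    rm -rf "$dir"
}

demo
```

A listener bound to loopback only will show up in a scan of 127.0.0.1 but not in a scan from another machine, regardless of firewall rules.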
As for your scan, since you did it on 127.0.0.1 the scan probably did not pass through your firewall. Try scanning from another machine.

8081 I have seen is a web log port for McAfee. Try browsing to it and see.

As for the TCP sequence prediction, what you see is a good thing (Class=random positive increments). You want your TCP sequence to be unpredictable, otherwise you are susceptible to idle scans. Your Difficulty=3453555 (Good luck!) is good, many Windows systems still use incremental sequences and are vulnerable to idle scans (Difficulty=1).