On 4/8/2010 10:46 AM, adam.morris at redstargaming.net wrote:
> Can you get on another computer in the network?  Try doing the nmap there. 
> You may have a full whitelist for 127.0.0.1 which is actually probably a
> good idea.  If you still see the ports open, try telnetting to them and see
> if you get a response.
>   
I only control one box in that network. I ran the scan from the computer
I normally use to log in.
> Try the port knocking that Kelly mentioned.  However understand that port
> knocking comes with its own security risks.  If someone is watching when
> you do your knocking sequence, they can perform the same sequence later. 
> Realistically, unless you're a government organization, this probably won't
> become an issue.
>   
I stumbled upon http://www.cipherdyne.org/fwknop while googling. Seems
to be more secure than regular port knocking and I can use a PGP key
exchange to authenticate. I do wish there were a CLI version of the
client available for Windows, though, since the GUI doesn't have any
docs and is less than intuitive.
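
The replay risk raised in the quoted text, and the kind of check that closes it, shown as an added example that is not part of the original message and is not fwknop's code or wire format. The key, ports, 30-second window and all function names are constructed for illustration, and an HMAC stands in for the PGP authentication mentioned above.

```python
import hashlib
import hmac
import os
import time

KEY = b"constructed-demo-secret"       # constructed shared key (assumption)
KNOCK_SEQUENCE = (7000, 8000, 9000)    # constructed static knock ports
MAX_AGE = 30                           # seconds a packet stays valid (assumption)


def knock_accepts(ports):
    """Classic port knocking: the fixed sequence is the whole secret."""
    return tuple(ports) == KNOCK_SEQUENCE


def make_packet(key, now=None):
    """Client side: fresh random nonce plus timestamp, tagged with HMAC-SHA256."""
    ts = int(time.time() if now is None else now)
    body = os.urandom(16).hex().encode() + b"," + str(ts).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class PacketServer:
    """Server side: verify the tag, then freshness, then reject repeats."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # packet digest -> timestamp it carried

    def accepts(self, packet, now=None):
        now = time.time() if now is None else now
        body, _, tag = packet.rpartition(b"|")
        good = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, good):
            return False                      # forged or modified
        try:
            ts = int(body.rpartition(b",")[2])
        except ValueError:
            return False
        if abs(now - ts) > MAX_AGE:
            return False                      # too old to be fresh
        # Forget digests that the freshness check would reject anyway.
        self.seen = {d: t for d, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        digest = hashlib.sha256(packet).digest()
        if digest in self.seen:
            return False                      # captured packet sent again
        self.seen[digest] = ts
        return True
```

The static sequence is accepted every time it is presented, while the authenticated packet is accepted once and refused when the same bytes arrive again.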