[CentOS] Strange TCP ports phenomena

Wed Aug 17 20:38:46 UTC 2005
Dominik Składanowski <dominik.skladanowski at ch.pw.edu.pl>

>>>>>Sounds like exactly what you're seeing, I know our watchguard firebox proxies FTP connections so it looks like every box has FTP installed even if they don't.
>>>
>>>
>>>>>Do you have a router/firewall in front of your server?  If you are using
>>>>>something like http://www.grc.com to scan from the Internet you are
>>>>>probably getting a response from the router/firewall in front of your
>>>>>server not from the server itself.
>>>
>>>
>>>
>>>>Few days ago I had another server on the same IP (it's IP for tests
>>>>before production place), which was FTP server. So maybe that's a reason?
>>>
>>>
>>>If the current server does not have those ports open they should show as
>>>closed or stealthed.  I believe that you have a device providing NAT in
>>>front of your machine and it has that port open for some reason.  
>>>
>>>Is that at an ISP or a home network?  
>>
>>There is no any NAT in the front of this machine. Besides it has public IP.
> 
> 
> What does netstat -l show?

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address
    State
tcp        0      0 *:imaps                     *:*
    LISTEN
tcp        0      0 *:pop3s                     *:*
    LISTEN
tcp        0      0 server.domain.pl:10024  *:*
LISTEN
tcp        0      0 server.domain.pl:10025  *:*
LISTEN
tcp        0      0 *:pop3                      *:*
    LISTEN
tcp        0      0 server.domain.pl:783    *:*
LISTEN
tcp        0      0 *:imap                      *:*
    LISTEN
tcp        0      0 server.domain.pl:domain *:*
LISTEN
tcp        0      0 server.domain.pl:domain *:*
LISTEN
tcp        0      0 *:smtp                      *:*
    LISTEN
tcp        0      0 server.domain.pl:rndc   *:*
LISTEN
tcp        0      0 *:afs3-vlserver             *:*
    LISTEN
tcp        0      0 *:http                      *:*
    LISTEN
tcp        0      0 *:ssh                       *:*
    LISTEN
tcp        0      0 *:smtp                      *:*
    LISTEN
tcp        0      0 ::1:rndc                    *:*
    LISTEN
tcp        0      0 *:https                     *:*
    LISTEN
udp        0      0 *:32768                     *:*
udp        0      0 server.domain.pl:domain *:*
udp        0      0 server.domain.pl:domain *:*
udp        0      0 *:32769                     *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     6010
/tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     6030
/var/run/saslauthd/mux
unix  2      [ ACC ]     STREAM     LISTENING     27404
/tmp/.X11-unix/X1003
unix  2      [ ACC ]     STREAM     LISTENING     27468
/tmp/orbit-webmaster/linc-19fb-0-5a733f9ac78cf
unix  2      [ ACC ]     STREAM     LISTENING     6054
/var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     27477
/tmp/orbit-webmaster/linc-19ef-0-2c46999c853f
unix  2      [ ACC ]     STREAM     LISTENING     27627  /tmp/.ICE-unix/6639
unix  2      [ ACC ]     STREAM     LISTENING     27636
/tmp/keyring-NYpDeq/socket
unix  2      [ ACC ]     STREAM     LISTENING     27684
@/tmp/fam-webmaster-
unix  2      [ ACC ]     STREAM     LISTENING     27647
/tmp/orbit-webmaster/linc-1a00-0-53755928eaa15
unix  2      [ ACC ]     STREAM     LISTENING     5369
/var/run/clamav/clamd.sock
unix  2      [ ACC ]     STREAM     LISTENING     14468  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     27669
/tmp/orbit-webmaster/linc-1a02-0-4f3764207dba
unix  2      [ ACC ]     STREAM     LISTENING     27780
/tmp/orbit-webmaster/linc-1a29-0-119ee8349c3af
unix  2      [ ACC ]     STREAM     LISTENING     14475  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     27949
/tmp/mapping-webmaster
unix  2      [ ACC ]     STREAM     LISTENING     14479  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     27814
/tmp/orbit-webmaster/linc-1a2d-0-4f376420c8f39
unix  2      [ ACC ]     STREAM     LISTENING     14483  private/defer
unix  2      [ ACC ]     STREAM     LISTENING     14487  private/trace
unix  2      [ ACC ]     STREAM     LISTENING     27842
/tmp/orbit-webmaster/linc-1a2f-0-4f376420ce04d
unix  2      [ ACC ]     STREAM     LISTENING     14491  private/verify
unix  2      [ ACC ]     STREAM     LISTENING     27852
/tmp/orbit-webmaster/linc-1a31-0-4f376420d9fa8
unix  2      [ ACC ]     STREAM     LISTENING     14495  public/flush
unix  2      [ ACC ]     STREAM     LISTENING     27918
/tmp/orbit-webmaster/linc-1a3a-0-1f8a01562e50c
unix  2      [ ACC ]     STREAM     LISTENING     14499  private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     27973
/tmp/orbit-webmaster/linc-1a46-0-797478ceb5ad9
unix  2      [ ACC ]     STREAM     LISTENING     27999
/tmp/orbit-webmaster/linc-1a37-0-797478cee535e
unix  2      [ ACC ]     STREAM     LISTENING     28021
/tmp/orbit-webmaster/linc-1a48-0-2b54eb092d0ba
unix  2      [ ACC ]     STREAM     LISTENING     28051
/tmp/orbit-webmaster/linc-1a4a-0-2b54eb097974b
unix  2      [ ACC ]     STREAM     LISTENING     28080
/tmp/orbit-webmaster/linc-1a4c-0-2b54eb099a5e0
unix  2      [ ACC ]     STREAM     LISTENING     28156
/tmp/orbit-webmaster/linc-1a4e-0-30c03dfb20aae
unix  2      [ ACC ]     STREAM     LISTENING     14503  private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     14507  private/relay
unix  2      [ ACC ]     STREAM     LISTENING     14512  public/showq
unix  2      [ ACC ]     STREAM     LISTENING     14516  private/error
unix  2      [ ACC ]     STREAM     LISTENING     14520  private/local
unix  2      [ ACC ]     STREAM     LISTENING     14524  private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     14528  private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     14532  private/maildrop
unix  2      [ ACC ]     STREAM     LISTENING     14536  private/old-cyrus
unix  2      [ ACC ]     STREAM     LISTENING     14540  private/cyrus
unix  2      [ ACC ]     STREAM     LISTENING     14544  private/uucp
unix  2      [ ACC ]     STREAM     LISTENING     14548  private/ifmail
unix  2      [ ACC ]     STREAM     LISTENING     14552  private/bsmtp
unix  2      [ ACC ]     STREAM     LISTENING     14560  private/smtp-amavis
unix  2      [ ACC ]     STREAM     LISTENING     5757   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     5310
/var/run/dovecot-login/default
unix  2      [ ACC ]     STREAM     LISTENING     5092
/var/run/acpid.socket


-- 
____________________________________________________________________
D o m i n i k    S k ł a d a n o w s k i