On Wed, 2005-08-17 at 16:38, Dominik Składanowski wrote:
Sounds like exactly what you're seeing, I know our watchguard firebox proxies FTP connections so it looks like every box has FTP installed even if they don't.
Do you have a router/firewall in front of your server? If you are using something like http://www.grc.com to scan from the Internet you are probably getting a response from the router/firewall in front of your server not from the server itself.
Few days ago I had another server on the same IP (it's IP for tests before production place), which was FTP server. So maybe that's a reason?
If the current server does not have those ports open they should show as closed or stealthed. I believe that you have a device providing NAT in front of your machine and it has that port open for some reason.
Is that at an ISP or a home network?
There is no any NAT in the front of this machine. Besides it has public IP.
What does netstat -l show?
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:imaps *:* LISTEN tcp 0 0 *:pop3s *:* LISTEN tcp 0 0 server.domain.pl:10024 *:*
Does not appear you have ftp open on this machine. I still think you have some kind of router or device in front of your system that has that port open.