Hello,
I have just ran nmap on a remote server with a minimal (or so I believed) Centos 4.3 installation. Besides what I expected (ssh, httpd, smtp) it found as open for listening these ports:
Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-06-14 17:57 CEST Interesting ports on <my.remote.server> (The 1667 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 445/tcp filtered microsoft-ds 1720/tcp filtered H.323/Q.931
which programs are these, and why should they be part of a server install? How can I find them so I can uninstall them?
TIA, Marco
PORT STATE SERVICE 445/tcp filtered microsoft-ds 1720/tcp filtered H.323/Q.931
which programs are these, and why should they be part of a server install? How can I find them so I can uninstall them?
To find out what program has any port (or file) open, use lsof.
sudo /sbin/lsof -i TCP:445
j
M. Fioretti wrote:
Hello,
I have just ran nmap on a remote server with a minimal (or so I believed) Centos 4.3 installation. Besides what I expected (ssh, httpd, smtp) it found as open for listening these ports:
Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-06-14 17:57 CEST Interesting ports on <my.remote.server> (The 1667 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 445/tcp filtered microsoft-ds 1720/tcp filtered H.323/Q.931
which programs are these, and why should they be part of a server install? How can I find them so I can uninstall them?
your /etc/services file should have info that you can always look at ( but its a text file, does not indicate whats actually running where.. )
to check for whats actually on there, use something like lsof ( the man page for lsof is very well done, a worthy read ). a Shortcut here :
lsof -i :445
will tell you whats up with your port 445.
(The 1667 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 445/tcp filtered microsoft-ds
This is part of samba/cifs microsoft filesharing.
1720/tcp filtered H.323/Q.931
This is voice over ip type stuff.
These ports are not open, they're filtered. This can mean your ISP is silently blocking them for you. For the MS port this can protect against viruses. For the h323 port, this can protect the ISP from you running your own VOIP setup and not paying them for the privilege.
On Wed, Jun 14, 2006 15:45:15 PM -0400, Jim Perrin (jperrin@gmail.com) wrote:
These ports are not open, they're filtered.
Oh, now I get it. You mean that nmap could not check if they're open or not because it can't reach them at all, right?
This can mean your ISP is silently blocking them for you.
Yes, this makes sense. In any case, there is nothing I have to uninstall/ block on my server, since also lsof (thanks to those who suggested it) lists nothing active on both port.
Thanks all, Marco
-
Jason Bradley Nance -
Jim Perrin -
Karanbir Singh -
M. Fioretti