[CentOS] Strange TCP ports phenomena

Drew Weaver drew.weaver at thenap.com
Wed Aug 17 19:12:28 UTC 2005


Sounds like exactly what you're seeing, I know our watchguard firebox proxies FTP connections so it looks like every box has FTP installed even if they don't.

-Drew

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Scot L. Harris
Sent: Wednesday, August 17, 2005 3:08 PM
To: CentOS mailing list
Subject: Re: [CentOS] Strange TCP ports phenomena

On Wed, 2005-08-17 at 14:31, Dominik Składanowski wrote:
> Hello list.
> 
> I have new server on CentOS 4.1 - fresh installation. During security
> tests I've noticed:
> 
> When I scan server ports (nmap) from the outside there is 21 tcp port
> open. But when I check on the server (netstat -tan or lsof -i) there is
> no any open 21 tcp port.
> 
> Any ideas? To be honest I'm confused.
> 
> Regards
> 
> P.S.: of course I don't have started FTP service. Even I don't have
> installed FTP server.

Do you have a router/firewall in front of your server?  If you are using
something like http://www.grc.com to scan from the Internet you are
probably getting a response from the router/firewall in front of your
server not from the server itself.



_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos



More information about the CentOS mailing list