[CentOS] Strange TCP ports phenomena
Dominik Składanowski
dominik.skladanowski at ch.pw.edu.pl
Wed Aug 17 20:38:46 UTC 2005
>>>>>Sounds like exactly what you're seeing, I know our watchguard firebox proxies FTP connections so it looks like every box has FTP installed even if they don't.
>>>
>>>
>>>>>Do you have a router/firewall in front of your server? If you are using
>>>>>something like http://www.grc.com to scan from the Internet you are
>>>>>probably getting a response from the router/firewall in front of your
>>>>>server not from the server itself.
>>>
>>>
>>>
>>>>Few days ago I had another server on the same IP (it's IP for tests
>>>>before production place), which was FTP server. So maybe that's a reason?
>>>
>>>
>>>If the current server does not have those ports open they should show as
>>>closed or stealthed. I believe that you have a device providing NAT in
>>>front of your machine and it has that port open for some reason.
>>>
>>>Is that at an ISP or a home network?
>>
>>There is no any NAT in the front of this machine. Besides it has public IP.
>
>
> What does netstat -l show?
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 *:imaps *:*
LISTEN
tcp 0 0 *:pop3s *:*
LISTEN
tcp 0 0 server.domain.pl:10024 *:*
LISTEN
tcp 0 0 server.domain.pl:10025 *:*
LISTEN
tcp 0 0 *:pop3 *:*
LISTEN
tcp 0 0 server.domain.pl:783 *:*
LISTEN
tcp 0 0 *:imap *:*
LISTEN
tcp 0 0 server.domain.pl:domain *:*
LISTEN
tcp 0 0 server.domain.pl:domain *:*
LISTEN
tcp 0 0 *:smtp *:*
LISTEN
tcp 0 0 server.domain.pl:rndc *:*
LISTEN
tcp 0 0 *:afs3-vlserver *:*
LISTEN
tcp 0 0 *:http *:*
LISTEN
tcp 0 0 *:ssh *:*
LISTEN
tcp 0 0 *:smtp *:*
LISTEN
tcp 0 0 ::1:rndc *:*
LISTEN
tcp 0 0 *:https *:*
LISTEN
udp 0 0 *:32768 *:*
udp 0 0 server.domain.pl:domain *:*
udp 0 0 server.domain.pl:domain *:*
udp 0 0 *:32769 *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 6010
/tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 6030
/var/run/saslauthd/mux
unix 2 [ ACC ] STREAM LISTENING 27404
/tmp/.X11-unix/X1003
unix 2 [ ACC ] STREAM LISTENING 27468
/tmp/orbit-webmaster/linc-19fb-0-5a733f9ac78cf
unix 2 [ ACC ] STREAM LISTENING 6054
/var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 27477
/tmp/orbit-webmaster/linc-19ef-0-2c46999c853f
unix 2 [ ACC ] STREAM LISTENING 27627 /tmp/.ICE-unix/6639
unix 2 [ ACC ] STREAM LISTENING 27636
/tmp/keyring-NYpDeq/socket
unix 2 [ ACC ] STREAM LISTENING 27684
@/tmp/fam-webmaster-
unix 2 [ ACC ] STREAM LISTENING 27647
/tmp/orbit-webmaster/linc-1a00-0-53755928eaa15
unix 2 [ ACC ] STREAM LISTENING 5369
/var/run/clamav/clamd.sock
unix 2 [ ACC ] STREAM LISTENING 14468 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 27669
/tmp/orbit-webmaster/linc-1a02-0-4f3764207dba
unix 2 [ ACC ] STREAM LISTENING 27780
/tmp/orbit-webmaster/linc-1a29-0-119ee8349c3af
unix 2 [ ACC ] STREAM LISTENING 14475 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 27949
/tmp/mapping-webmaster
unix 2 [ ACC ] STREAM LISTENING 14479 private/bounce
unix 2 [ ACC ] STREAM LISTENING 27814
/tmp/orbit-webmaster/linc-1a2d-0-4f376420c8f39
unix 2 [ ACC ] STREAM LISTENING 14483 private/defer
unix 2 [ ACC ] STREAM LISTENING 14487 private/trace
unix 2 [ ACC ] STREAM LISTENING 27842
/tmp/orbit-webmaster/linc-1a2f-0-4f376420ce04d
unix 2 [ ACC ] STREAM LISTENING 14491 private/verify
unix 2 [ ACC ] STREAM LISTENING 27852
/tmp/orbit-webmaster/linc-1a31-0-4f376420d9fa8
unix 2 [ ACC ] STREAM LISTENING 14495 public/flush
unix 2 [ ACC ] STREAM LISTENING 27918
/tmp/orbit-webmaster/linc-1a3a-0-1f8a01562e50c
unix 2 [ ACC ] STREAM LISTENING 14499 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 27973
/tmp/orbit-webmaster/linc-1a46-0-797478ceb5ad9
unix 2 [ ACC ] STREAM LISTENING 27999
/tmp/orbit-webmaster/linc-1a37-0-797478cee535e
unix 2 [ ACC ] STREAM LISTENING 28021
/tmp/orbit-webmaster/linc-1a48-0-2b54eb092d0ba
unix 2 [ ACC ] STREAM LISTENING 28051
/tmp/orbit-webmaster/linc-1a4a-0-2b54eb097974b
unix 2 [ ACC ] STREAM LISTENING 28080
/tmp/orbit-webmaster/linc-1a4c-0-2b54eb099a5e0
unix 2 [ ACC ] STREAM LISTENING 28156
/tmp/orbit-webmaster/linc-1a4e-0-30c03dfb20aae
unix 2 [ ACC ] STREAM LISTENING 14503 private/smtp
unix 2 [ ACC ] STREAM LISTENING 14507 private/relay
unix 2 [ ACC ] STREAM LISTENING 14512 public/showq
unix 2 [ ACC ] STREAM LISTENING 14516 private/error
unix 2 [ ACC ] STREAM LISTENING 14520 private/local
unix 2 [ ACC ] STREAM LISTENING 14524 private/virtual
unix 2 [ ACC ] STREAM LISTENING 14528 private/anvil
unix 2 [ ACC ] STREAM LISTENING 14532 private/maildrop
unix 2 [ ACC ] STREAM LISTENING 14536 private/old-cyrus
unix 2 [ ACC ] STREAM LISTENING 14540 private/cyrus
unix 2 [ ACC ] STREAM LISTENING 14544 private/uucp
unix 2 [ ACC ] STREAM LISTENING 14548 private/ifmail
unix 2 [ ACC ] STREAM LISTENING 14552 private/bsmtp
unix 2 [ ACC ] STREAM LISTENING 14560 private/smtp-amavis
unix 2 [ ACC ] STREAM LISTENING 5757 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 5310
/var/run/dovecot-login/default
unix 2 [ ACC ] STREAM LISTENING 5092
/var/run/acpid.socket
--
____________________________________________________________________
D o m i n i k S k ł a d a n o w s k i
More information about the CentOS
mailing list