On Wed, 2005-08-17 at 16:38, Dominik Składanowski wrote: > >>>>>Sounds like exactly what you're seeing, I know our watchguard firebox proxies FTP connections so it looks like every box has FTP installed even if they don't. > >>> > >>> > >>>>>Do you have a router/firewall in front of your server? If you are using > >>>>>something like http://www.grc.com to scan from the Internet you are > >>>>>probably getting a response from the router/firewall in front of your > >>>>>server not from the server itself. > >>> > >>> > >>> > >>>>Few days ago I had another server on the same IP (it's IP for tests > >>>>before production place), which was FTP server. So maybe that's a reason? > >>> > >>> > >>>If the current server does not have those ports open they should show as > >>>closed or stealthed. I believe that you have a device providing NAT in > >>>front of your machine and it has that port open for some reason. > >>> > >>>Is that at an ISP or a home network? > >> > >>There is no any NAT in the front of this machine. Besides it has public IP. > > > > > > What does netstat -l show? > > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address > State > tcp 0 0 *:imaps *:* > LISTEN > tcp 0 0 *:pop3s *:* > LISTEN > tcp 0 0 server.domain.pl:10024 *:* Does not appear you have ftp open on this machine. I still think you have some kind of router or device in front of your system that has that port open.