[CentOS] nmap showing lots of ports open that shouldn't be
Jim Bassett
jim at datamantic.com
Sun Feb 12 20:30:07 UTC 2006
On Feb 12, 2006, at 3:22 PM, Craig White wrote:
> On Sun, 2006-02-12 at 15:17 -0500, jim at datamantic.com wrote:
>> I have a CentOS 4.2 machine. lokkit shows that a firewall is
>> enabled, and it is customized to allow SSH, Web, and DNS traffic
>> only.
>>
>> But if I run nmap against the server IP (from my home machine,
>> outside the local network) it shows over 1000 open ports. Am I not
>> understanding nmap, or is there something seriously wrong here?
>>
>> Here is a small snip of the nmap output (I can include it all if that
>> is helpful, but it is quite long):
>>
>> (The 202 ports scanned but not shown below are in state: closed)
>> PORT STATE SERVICE
>> 1/tcp open tcpmux
>> 2/tcp open compressnet
>> 3/tcp open compressnet
>> 4/tcp open unknown
>> 5/tcp open rje
>> 6/tcp open unknown
>> 7/tcp open echo
>> 8/tcp open unknown
>> 9/tcp open discard
>> 11/tcp open systat
>> 12/tcp open unknown
>> 13/tcp open daytime
>> 14/tcp open unknown
>> 15/tcp open netstat
>> 16/tcp open unknown
>> 17/tcp open qotd
>> 20/tcp open ftp-data
>> 22/tcp open ssh
>> 24/tcp open priv-mail
>> 25/tcp open smtp
>> 26/tcp open unknown
> ----
> might as well get a root shell and type...
>
> iptables -L
>
> and see what's up with that.
>
> Craig
>
Thanks for the response. Any advice on understanding this is
appreciated.
[root at ash ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited