[CentOS] nmap showing lots of ports open that shouldn't be

Sun Feb 12 20:22:18 UTC 2006
Craig White <craigwhite at azapple.com>

On Sun, 2006-02-12 at 15:17 -0500, jim at datamantic.com wrote:
> I have a  CentOS 4.2 machine. lokkit shows that a firewall is  
> enabled, and it is customized to allow SSH, Web, and DNS traffic only.
> But if I run nmap against the server IP (from my home machine,  
> outside the local network) it shows over 1000 open ports. Am I not  
> understanding nmap, or is there something seriously wrong here?
> Here is a small snip of the nmap output (I can include it all if that  
> is helpful, but it is quite long):
> (The 202 ports scanned but not shown below are in state: closed)
> 1/tcp     open  tcpmux
> 2/tcp     open  compressnet
> 3/tcp     open  compressnet
> 4/tcp     open  unknown
> 5/tcp     open  rje
> 6/tcp     open  unknown
> 7/tcp     open  echo
> 8/tcp     open  unknown
> 9/tcp     open  discard
> 11/tcp    open  systat
> 12/tcp    open  unknown
> 13/tcp    open  daytime
> 14/tcp    open  unknown
> 15/tcp    open  netstat
> 16/tcp    open  unknown
> 17/tcp    open  qotd
> 20/tcp    open  ftp-data
> 22/tcp    open  ssh
> 24/tcp    open  priv-mail
> 25/tcp    open  smtp
> 26/tcp    open  unknown
might as well get a root shell and type...

iptables -L

and see what's up with that.