[CentOS] nmap showing lots of ports open that shouldn't be

Sun Feb 12 22:15:16 UTC 2006
Scot L. Harris <webid at cfl.rr.com>

On Sun, 2006-02-12 at 17:09 -0500, Jim Bassett wrote:
> On Feb 12, 2006, at 4:56 PM, Steve Bergman wrote:
> 
> > Jim Bassett wrote:
> >
> >>
> >> Is it over reacting to pull the plug and start over?
> >
> >
> > Silly question.  You are certain that the machine you are probing  
> > is your machine, right?  The ip address of your cable modem hasn't
> > changed without you knowing it, etc?  (I've done sillier things,  
> > which is why I ask.)
> >
> > It's odd that smtp shows to be open, e.g.  Even without the  
> > firewall, isn't sendmail configured only to listen on 127.0.0.1?
> >
> > -Steve
> 
> I've done sillier things in the past. But I am probing the right  
> machine. It is colocated on a static IP. I just ran it again.
> 
> The machine I am using to run nmap is connected to the net through a  
> friend's base station and I don't know anything about his setup. But I
> can successfully surf, send mail, and ssh into my server. Is there  
> any chance that even though I am specifying my server IP in nmap that  
> it is instead scanning my friend's machine on my local network?
> 
> About smtp: I did just install a mail server, so I guess that is why  
> smtp is open. But I didn't explicitly open the port myself. I can see  
> in netstat that a bunch of stuff is open for mail (and spam assassin  
> and clamav.) Maybe that install messed with iptables?

Another possibility:  Is there a firewall or server in front of the
machine you think you are scanning?   Is the IP address you are scanning
configured directly on that machine or are you using a NATed address?

Have seen cases before where a machine in an ISP would report odd ports
open but that was on the ISP's firewall that sits in front of the actual
machine.  

But based on the iptables rules you posted it looks like the order of
the rules is the problem.  The first two rules allow everything through.
Check the contents of /etc/sysconfig/iptables, that is where the rules
should be saved.
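
Added example, not part of the original message: a check for the rule-order problem described above, run over a saved ruleset in the format used by /etc/sysconfig/iptables. The ruleset below is constructed for illustration (it is not the one posted in the thread), and the function name find_shadowed is hypothetical.

```python
import shlex

# Constructed sample in iptables-save format; not the poster's actual rules.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Options that restrict which packets a rule applies to.
MATCH_OPTS = {"-s", "-d", "-p", "-i", "-o", "-m", "--source", "--destination",
              "--protocol", "--in-interface", "--out-interface", "--match"}
# Targets that end traversal of the chain for a matching packet.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def find_shadowed(ruleset):
    """Map chain -> (catch-all rule, later rules in that chain it shadows)."""
    catch_all, shadowed = {}, {}
    for line in ruleset.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        chain = tokens[1]
        if chain in catch_all:
            # Every packet already hit the catch-all; this rule never fires.
            shadowed.setdefault(chain, []).append(line)
            continue
        target = tokens[tokens.index("-j") + 1] if "-j" in tokens else None
        # No match option at all means the rule applies to every packet.
        if target in TERMINAL and not MATCH_OPTS & set(tokens):
            catch_all[chain] = line
    # A catch-all as the last rule (the usual final REJECT) is not reported.
    return {c: (catch_all[c], shadowed[c]) for c in catch_all if c in shadowed}

if __name__ == "__main__":
    for chain, (rule, dead) in find_shadowed(SAMPLE).items():
        print(f"{chain}: '{rule}' matches everything; unreachable after it:")
        for r in dead:
            print("   ", r)
```

The saved file shows the "-i lo" interface match explicitly, so the loopback rule is not flagged; only the rule with no match options is.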