off-topic ports 1720 and 6000-6009 shown even though they should be filtered

Mike Burger mburger at bubbanfriends.org
Tue Mar 17 22:04:00 UTC 2009


Phill wrote:
> I know this isn't RHEL support, but I thought I'd ask this question anyways, see if you gurus know what might be going on. I have a rhel 5 web/ftp server. I'm using iptables to filter all ports except 21 and 80. Yet if I do an nmap of the server, this is the output I get.
> -------------------------------
> PORT     STATE  SERVICE
> 21/tcp   open   ftp
> 80/tcp   open   http
> 1720/tcp open   H.323/Q.931
> 6000/tcp closed X11
> 6001/tcp closed X11:1
> 6002/tcp closed X11:2
> 6003/tcp closed X11:3
> 6004/tcp closed X11:4
> 6005/tcp closed X11:5
> 6006/tcp closed X11:6
> 6007/tcp closed X11:7
> 6008/tcp closed X11:8
> 6009/tcp closed X11:9
> 6017/tcp closed xmail-ctrl
> 6050/tcp closed arcserve
> ---------------------------------
>
> Note the listening port 1720; netstat shows no service listening.
> Should be irrelevant since the only traffic I'm accepting is port 21 and port 80, and related established. Shouldn't this output just show me port 21 and port 80 open and nothing else?
>   
How is your firewall configured?  It appears, from the output, that the 
firewall (I don't know if you're scanning from inside your network or 
outside, so it could be iptables on the server or an external firewall) 
is configured to allow those ports, although the server appears to not 
be answering on those ports.

If you make sure that those ports are closed on the firewall as well, nmap 
won't actually be able to scan them.
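
An added example, not part of the original message or the list archive: a Python check of the nmap table quoted above against the stated policy (only ports 21 and 80 accepted). The function names and the `ALLOWED` set are assumptions made for illustration; the scan rows are copied from the quoted output.

```python
import re

# Port table copied from the quoted message above (quote markers removed).
SCAN = """\
PORT     STATE  SERVICE
21/tcp   open   ftp
80/tcp   open   http
1720/tcp open   H.323/Q.931
6000/tcp closed X11
6001/tcp closed X11:1
6002/tcp closed X11:2
6003/tcp closed X11:3
6004/tcp closed X11:4
6005/tcp closed X11:5
6006/tcp closed X11:6
6007/tcp closed X11:7
6008/tcp closed X11:8
6009/tcp closed X11:9
6017/tcp closed xmail-ctrl
6050/tcp closed arcserve
"""
ALLOWED = {21, 80}  # assumption: the only ports the poster's iptables policy accepts
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Yield (port, proto, state, service) for each row of an nmap port table."""
    for line in text.splitlines():
        m = ROW.match(line.lstrip("> \t"))  # tolerate mail quote prefixes
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)

def audit(text, allowed):
    """Group scan rows that contradict a 'drop everything except allowed' policy."""
    findings = {"unexpected_open": [], "answered_closed": []}
    seen_open = set()
    for port, _proto, state, _service in parse_ports(text):
        if state == "open":
            seen_open.add(port)
            if port not in allowed:
                findings["unexpected_open"].append(port)
        elif state == "closed" and port not in allowed:
            # nmap prints "closed" when the probe is answered with a TCP RST;
            # a silently dropped probe is printed as "filtered" instead.
            findings["answered_closed"].append(port)
    findings["allowed_not_open"] = sorted(allowed - seen_open)
    return findings

if __name__ == "__main__":
    print(audit(SCAN, ALLOWED))
```

Every port listed under `unexpected_open` or `answered_closed` drew a reply from some device on the path, which is the firewall question raised in the reply above.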



