off-topic ports 1720 and 6000-6009 shown even though they should be filtered
Mike Burger
mburger at bubbanfriends.org
Tue Mar 17 22:04:00 UTC 2009
Phill wrote:
> I know this isn't RHEL support, but I thought I'd ask this question anyways, see if you gurus know what might be going on. I have a rhel 5 web/ftp server. I'm using iptables to filter all ports except 21 and 80. Yet if I do an nmap of the server, this is the output I get.
> -------------------------------
> PORT STATE SERVICE
> 21/tcp open ftp
> 80/tcp open http
> 1720/tcp open H.323/Q.931
> 6000/tcp closed X11
> 6001/tcp closed X11:1
> 6002/tcp closed X11:2
> 6003/tcp closed X11:3
> 6004/tcp closed X11:4
> 6005/tcp closed X11:5
> 6006/tcp closed X11:6
> 6007/tcp closed X11:7
> 6008/tcp closed X11:8
> 6009/tcp closed X11:9
> 6017/tcp closed xmail-ctrl
> 6050/tcp closed arcserve
> ---------------------------------
>
> Note the listening port 1720, netstat shows no service listening
> Should be irrelevant since the only traffic I'm accepting is port 21 and port 80, and related established. Shouldn't this output just show me port 21 and port 80 open and nothing else?
>
How is your firewall configured? It appears, from the output, that the
firewall (I don't know if you're scanning from inside your network or
outside, so it could be iptables on the server or an external firewall)
is configured to allow those ports, although the server appears to not
be answering on those ports.
Making sure that those ports are closed on the firewall, as well, nmap
won't actually be able to scan them.
More information about the fedora-list
mailing list