You are not logged in.
Pages: 1
Hi guys,
I've just made a clean installation of archlinux and noticed a strange to me thing.
I scanned the first 2048 ports to ensure if they are closed.
5 ports were identified as opened 21(ftp), 25(smtp), 110 (pop3), 119, 143.
Then I've verified them with netcat. For the above five ports I see:
ws.example.com [X.X.X.X] 25 (smtp) open
421 Cannot connect to SMTP server X.X.X.X (X.X.X.X:25), connect error 10061
(X.X.X.X) is hosts IP address.
For other ports I see:
ws.example.com [X.X.X.X] 27 (?): connection refused
Installation is 'core only'. No network servers are running, except syslog-ng.
What's wrong with those 5 ports?
Last edited by kmash (2009-02-14 19:42:58)
Offline
what was your scanning options for nmap ??
If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.
Offline
I did the scan from Windows workstation first with nmap and then with Advanced Port Scanner (RAdmin utility).
nmap -v
nmap didn't show any opened ports.
APS - reported the above 5 ports opened.
As you see - then I used netcat to do manual connection. Netcat was not able to connect to any of those "pseudo-opened" ports, but it definitely receives different responses when connecting to those specific 5 ports and the other ones.
Offline
Did you try:
netstat -neelp
Offline
Sure, no open ports reported.
Offline
Possibly an anti-virus product on the Windows box intercepting the connection attempts which would make those ports appear to be open?
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Hm, that's interesting thought...
It could be, - I do have an antivirus on windows box.
I'll test the ports again from linux box.
Offline
I did the scan from Windows workstation first with nmap and then with Advanced Port Scanner (RAdmin utility).
nmap -vnmap didn't show any opened ports.
APS - reported the above 5 ports opened.As you see - then I used netcat to do manual connection. Netcat was not able to connect to any of those "pseudo-opened" ports, but it definitely receives different responses when connecting to those specific 5 ports and the other ones.
could you give another try?
nmap -v -T5 -A -p 1-65535
this will show you the opened port's services, this will help you to close/config those ports
Last edited by quarkup (2009-02-19 15:22:36)
If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.
Offline
I've tried to scan from several Linux boxes. I've did also inspection of raw ethernet packets over net.
It looks like that this something in my Windows box - those 5 ports are detected to be "opened" only in it, and only using APS scanner.
Linux/nmap doesn't report any opened ports. And ethernet packets are the same. So I decided that this is local Windows or APS scanner problems. It could be antivirus interference, like fukawi2 said, or something else, - I don't know really.
Anyway I've closed this issue for me. Thanks you guys for help!
Last edited by kmash (2009-02-16 19:15:46)
Offline
Pages: 1