Arch Linux

kmash

Member

Registered: 2009-02-14

Posts: 5

Opened ports?

Hi guys,

I've just made a clean installation of archlinux and noticed a strange to me thing.
I scanned the first 2048 ports to ensure if they are closed.
5 ports were identified as opened 21(ftp), 25(smtp),  110 (pop3), 119, 143.
Then I've verified them with netcat. For the above five ports I see:

ws.example.com [X.X.X.X] 25 (smtp) open
421 Cannot connect to SMTP server X.X.X.X (X.X.X.X:25), connect error 10061

(X.X.X.X) is hosts IP address.

For other ports I see:
ws.example.com [X.X.X.X] 27 (?): connection refused

Installation is 'core only'. No network servers are running, except syslog-ng.

What's wrong with those 5 ports?

Last edited by kmash (2009-02-14 19:42:58)

quarkup

Member

From: Portugal

Registered: 2008-09-07

Posts: 497

Website

Re: Opened ports?

what was your scanning options for nmap ??

---

If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.

kmash

Member

Registered: 2009-02-14

Posts: 5

Re: Opened ports?

I did the scan from Windows workstation first with nmap and then with Advanced Port Scanner (RAdmin utility).
nmap -v

nmap didn't show any opened ports.
APS - reported the above 5 ports opened.

As you see - then I used netcat to do manual connection. Netcat was not able to connect to any of those "pseudo-opened" ports, but it definitely receives different responses when connecting to those specific 5 ports and the other ones.

fijam

Member

Registered: 2009-02-03

Posts: 244

Website

Re: Opened ports?

Did you try:

netstat -neelp

kmash

Member

Registered: 2009-02-14

Posts: 5

Re: Opened ports?

Sure, no open ports reported.

fukawi2

Ex-Administratorino

From: .vic.au

Registered: 2007-09-28

Posts: 6,224

Website

Re: Opened ports?

Possibly an anti-virus product on the Windows box intercepting the connection attempts which would make those ports appear to be open?

---

Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?

BlueHackers // fscanary // resticctl

kmash

Member

Registered: 2009-02-14

Posts: 5

Re: Opened ports?

Hm, that's interesting thought...
It could be, - I do have an antivirus on windows box.
I'll test the ports again from linux box.

quarkup

Member

From: Portugal

Registered: 2008-09-07

Posts: 497

Website

Re: Opened ports?

I did the scan from Windows workstation first with nmap and then with Advanced Port Scanner (RAdmin utility).
nmap -v

nmap didn't show any opened ports.
APS - reported the above 5 ports opened.

As you see - then I used netcat to do manual connection. Netcat was not able to connect to any of those "pseudo-opened" ports, but it definitely receives different responses when connecting to those specific 5 ports and the other ones.

could you give another try?

nmap -v -T5 -A -p 1-65535

this will show you the opened port's services, this will help you to close/config those ports

Last edited by quarkup (2009-02-19 15:22:36)

---

If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.

kmash

Member

Registered: 2009-02-14

Posts: 5

Re: Opened ports?

I've tried to scan from several Linux boxes. I've did also inspection of raw ethernet packets over net.

It looks like that this something in my Windows box - those 5 ports are detected to be "opened" only in it, and only using APS scanner.
Linux/nmap doesn't report any opened ports. And ethernet packets are the same. So I decided that this is local Windows or APS scanner problems. It could be antivirus interference, like fukawi2 said, or something else, - I don't know really.

Anyway I've closed this issue for me.  Thanks you guys for help!

Last edited by kmash (2009-02-16 19:15:46)