On 22:40 Thu 13 Mar , Pius Lee wrote: > Hi, I recently used nmap to portscan my machine from another pc and > found that i've got the following ports open: > > 22 (ssh) > 25 (smtp) > 113 (pop-3) > > Now, I'm very sure that I only started the sshd daemon and I DON'T even > have an smtp/pop3/any kind of mail server installed. Running "netstat -l > -p --inet" gives: > > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address State > PID/Program name > tcp 0 0 *:sunrpc *:* LISTEN > 5168/portmap > tcp 0 0 localhost:731 *:* LISTEN > 5219/fam > udp 0 0 *:sunrpc *:* > 5168/portmap > tcp 0 0 *:ssh *:* LISTEN > 6564/sshd > > > I don't see port 25 or 113 open, but why does nmap list them as so? > Blocking the ports with iptables would probably solve the problem, but > to get to the root of it, would tracking the daemons responsible for > opening them be a better solution? How should I go about doing it then?
Run lsof|grep LISTEN -- [EMAIL PROTECTED] mailing list
