On Mon, Jan 24, 2005 at 12:11:46AM -0500, A. Khattri wrote the following:
> On Sun, 23 Jan 2005, Joseph A. Nagy, Jr. wrote:
>
> > So what services could possibly be taking up port 21?
>
> > nmapfe shows only the following:
> >
> > Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-01-23 22:47 CST
> > Interesting ports on 192.168.1.5:
> > (The 1656 ports scanned but not shown below are in state: closed)
> > PORT     STATE SERVICE
> > 20/tcp   open  ftp-data
> > 22/tcp   open  ssh
> > 25/tcp   open  smtp
> > 80/tcp   open  http
> > 113/tcp  open  auth
> > 783/tcp  open  hp-alarm-mgr
> > 6000/tcp open  X11
> > Device type: general purpose
> > Running: Linux 2.4.X|2.5.X|2.6.X
> > OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
> > Uptime 0.550 days (since Sun Jan 23 09:34:36 2005)
>
> > nothing is touching port 21 as far as nmap can see. What's the deal?
>
> Do "netstat -an --tcp" and see if port 21 is being used.
> (You can also try "lsof -i | grep TCP" to see what process it is [emerge
> lsof if you don't have that command]).

[EMAIL PROTECTED]:~# netstat -an --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:783             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:20              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:32790       64.12.24.136:5190       ESTABLISHED
tcp        0      0 192.168.1.5:35437       212.204.214.114:6667    ESTABLISHED
tcp        1      0 192.168.1.5:34838       66.235.219.115:2095     CLOSE_WAIT
tcp        0      0 192.168.1.5:32792       64.12.24.8:5190         ESTABLISHED
tcp        0      0 192.168.1.5:32791       64.12.25.124:5190       ESTABLISHED
tcp        0      0 192.168.1.5:32794       64.12.25.108:5190       ESTABLISHED
tcp        0      0 192.168.1.5:32789       64.12.25.164:5190       ESTABLISHED
tcp        0      0 192.168.1.5:32802       205.188.248.145:5190    ESTABLISHED
tcp        0      0 192.168.1.5:32799       205.188.248.151:5190    ESTABLISHED
tcp        0      0 192.168.1.5:32795       64.12.165.68:5190       ESTABLISHED
tcp        0      0 192.168.1.5:32797       64.12.165.100:5190      ESTABLISHED
tcp        0      0 192.168.1.5:32786       216.155.193.136:5050    ESTABLISHED
tcp        0      0 192.168.1.5:32787       216.155.193.140:5050    ESTABLISHED
tcp        0      0 :::6000                 :::*                    LISTEN
tcp        0      0 :::80                   :::*                    LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 :::25                   :::*                    LISTEN
tcp        0      0 ::ffff:192.168.1.5:80   ::ffff:66.196.91.:41783 TIME_WAIT

lsof -i | grep TCP produced pretty much the same, just more verbosely. Notta is
touching port 21 on my machine. Now I'm really confused.

<snip>
> I opened only port 21 in iptables - I am using conntrack and conntrack_ftp
> modules to track incoming FTP traffic so don't need to worry about opening
> and closing any other ports, these modules take care of that ;-)

Good idea! (:

--
Joseph A. Nagy Jr.
AIM: pres CTHULHU | ICQ: 18115568 | Yahoo: pagan_prince |
Jabber: DarkKnightRadick@(jabber.org|amessage.at)
Libertarian @ Large | PGP: 0xCF7EAA67 |
< http://www.joseph-a-nagy-jr.us > | < http://www.jan-jr-ent.biz >
< http://games.joseph-a-nagy-ur.us >
pgpgCH1ZDCp0m.pgp
Description: PGP signature
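
The port check discussed in this message, as an added example that is not part of the original thread: it reads `netstat -an --tcp` output and reports only LISTEN sockets whose local port matches exactly, since a plain text match on "21" also hits foreign addresses such as 212.204.214.114. The function names are hypothetical and the sample is a constructed subset of the output posted above.

```shell
#!/bin/sh
# Constructed sample: a subset of the netstat lines posted in the message.
SAMPLE='tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:20 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.5:35437 212.204.214.114:6667 ESTABLISHED
tcp 0 0 192.168.1.5:32786 216.155.193.136:5050 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN'

# listeners_on_port PORT (hypothetical helper): reads netstat output on stdin
# and prints the local address of every LISTEN socket bound to exactly PORT.
# The port is taken as the text after the last ':' so IPv6 forms like :::22 work.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) print $4
        }'
}

# port_status PORT: prints "bound" if any listener holds PORT, else "free".
port_status() {
    if [ -n "$(listeners_on_port "$1")" ]; then
        echo bound
    else
        echo free
    fi
}

# naive_match_count PATTERN: what a plain grep would count, for comparison.
# It matches the pattern anywhere on the line, including remote IP addresses.
naive_match_count() {
    grep -c "$1"
}

for p in 20 21 22; do
    printf 'port %s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | port_status "$p")"
done
printf 'lines a plain grep for 21 matches: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | naive_match_count 21)"
```

On a live host the same functions take the real output, for example `netstat -an --tcp | listeners_on_port 21`.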
