http port open?? how can that be?
Greetings, I do not have apache installed, nmap localhost does not show http being open, however, if I go to a friends machine and nmap my ip it shows http being open. Also grc.com's port probe shows http being open. Thing is I just don't see how this is possible considering I'm running iptables and the default policy is drop. Anyone have any ideas what could be sneaking and letting port 80 open? Bill
Re: http port open?? how can that be?
On Fri, Oct 13, 2000 at 11:50:40AM -0500, William Jensen wrote: Greetings, I do not have apache installed, nmap localhost does not show http being open, however, if I go to a friends machine and nmap my ip it shows http being open. Also grc.com's port probe shows http being open. Thing is I just don't see how this is possible considering I'm running iptables and the default policy is drop. Anyone have any ideas what could be sneaking and letting port 80 open? just guessing... inetd (or xinetd) may be listening to various ports whether you have services to run on them or not. check your /etc/*inetd.conf setup and /etc/init.d/*inetd reload after tweaking (if this is the problem)... hth -- things are more like they used to be than they are now. [EMAIL PROTECTED] *** http://www.dontUthink.com/
Re: http port open?? how can that be?
Already checked that. inetd.conf shows nothing about http and I do not have a xinetd. Any other guesses? Bill - Forwarded message from will trillich [EMAIL PROTECTED] - Date: Fri, 13 Oct 2000 12:07:30 -0500 From: will trillich [EMAIL PROTECTED] To: debian-user@lists.debian.org Subject: Re: http port open?? how can that be? User-Agent: Mutt/1.0.1i On Fri, Oct 13, 2000 at 11:50:40AM -0500, William Jensen wrote: Greetings, I do not have apache installed, nmap localhost does not show http being open, however, if I go to a friends machine and nmap my ip it shows http being open. Also grc.com's port probe shows http being open. Thing is I just don't see how this is possible considering I'm running iptables and the default policy is drop. Anyone have any ideas what could be sneaking and letting port 80 open? just guessing... inetd (or xinetd) may be listening to various ports whether you have services to run on them or not. check your /etc/*inetd.conf setup and /etc/init.d/*inetd reload after tweaking (if this is the problem)... hth -- things are more like they used to be than they are now. [EMAIL PROTECTED] *** http://www.dontUthink.com/ -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null - End forwarded message -
Re: http port open?? how can that be?
[2000-10-13] William Jensen wrote: I do not have apache installed, nmap localhost does not show http being open, however, if I go to a friends machine and nmap my ip it shows http being open. Also grc.com's port probe shows http being open. Thing is I just don't see how this is possible considering I'm running iptables and the default policy is drop. Anyone have any ideas what could be sneaking and letting port 80 open? For issues such as this, the first thing you should do is install the lsof package (version dependent on your kernel) then run (as root) # lsof -i this will show you which programs have net ports open. Sometimes where phantom ports appear to be open when checking externally this is due to a network provider using transparent proxying on ports (this is usually limited to 25 and 80 - redirecting to an approved relay and dedicated web proxy respectively). -- Lee Maguire [EMAIL PROTECTED] traveling at the speed of time
Re: http port open?? how can that be?
On Fri, Oct 13, 2000 at 11:50:40AM -0500, William Jensen wrote: I do not have apache installed, nmap localhost does not show http being open, however, if I go to a friends machine and nmap my ip it shows http being open. Also grc.com's port probe shows http being open. Thing is I just don't see how this is possible considering I'm running iptables and the default policy is drop. Anyone have any ideas what could be sneaking and letting port 80 open? What says lsof | grep www? Here I get: # lsof | grep www apache 245 root 16u IPv4206 TCP *:www (LISTEN) apache 254 root 16u IPv4206 TCP *:www (LISTEN) apache 255 root 16u IPv4206 TCP *:www (LISTEN) apache 256 root 16u IPv4206 TCP *:www (LISTEN) apache 257 root 16u IPv4206 TCP *:www (LISTEN) apache 258 root 16u IPv4206 TCP *:www (LISTEN) apache 1346 root 16u IPv4206 TCP *:www (LISTEN) apache 1347 root 16u IPv4206 TCP *:www (LISTEN) apache 1348 root 16u IPv4206 TCP *:www (LISTEN) Sven -- The UNIX Guru's view of sex: unzip ; strip ; touch ; finger mount ; fsck ; more ; yes ; umount sleep