If you are running mysql together with management server in one box, you will see mysql's port, you can add iptables rules to harden the access to your mysql server.
Kelven From: Maurice Lawler <maurice.law...@me.com<mailto:maurice.law...@me.com>> Reply-To: "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>" <users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>> Date: Monday, April 29, 2013 2:11 PM To: "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>" <users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>> Subject: Re: Typical Port Listing? I have never seen a server display MYSQL port openly like that. So, to me, that feels a little insecure and not very typical. On Apr 29, 2013, at 05:08 PM, Kelven Yang <kelven.y...@citrix.com<mailto:kelven.y...@citrix.com>> wrote: It is typical Kelven From: Maurice Lawler <maurice.law...@me.com<mailto:maurice.law...@me.com><mailto:maurice.law...@me.com<mailto:maurice.law...@me.com>>> Reply-To: "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org><mailto:users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>>" <users@cloudstack.apache.org<mailto:users@cloudstack.apache.org><mailto:users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>>> Date: Monday, April 29, 2013 1:56 PM To: "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org><mailto:users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>>" <users@cloudstack.apache.org<mailto:users@cloudstack.apache.org><mailto:users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>>> Cc: "chip.child...@sungard.com<mailto:chip.child...@sungard.com><mailto:chip.child...@sungard.com<mailto:chip.child...@sungard.com>>" <chip.child...@sungard.com<mailto:chip.child...@sungard.com><mailto:chip.child...@sungard.com<mailto:chip.child...@sungard.com>>> Subject: Re: Typical Port Listing? I ran it from my local work station, against my primary IP address (the host node) On Apr 29, 2013, at 04:40 PM, Chip Childers <chip.child...@sungard.com<mailto:chip.child...@sungard.com><mailto:chip.child...@sungard.com<mailto:chip.child...@sungard.com>>> wrote: On Mon, Apr 29, 2013 at 4:37 PM, Maurice Lawler <maurice.law...@me.com<mailto:maurice.law...@me.com><mailto:maurice.law...@me.com<mailto:maurice.law...@me.com>>> wrote: > Hello: > > Is it typical when doing nmap -P0 to get the listing as follows: > > > 23/tcp filtered telnet > 111/tcp open rpcbind > 2049/tcp open nfs > 3306/tcp open mysql > 5900/tcp open vnc > 5901/tcp open vnc-1 > 5902/tcp open vnc-2 > 8080/tcp open http-proxy > 9090/tcp open zeus-admin > > > - Maurice What did you run it against?
