Adam Hardy wrote:
> Not shown: 65529 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 443/tcp open https
> 3306/tcp open mysql
> 12121/tcp open unknown
>
>
> But when I run nmap from my home machine to scan it remotely, I see these
> extra ports are open:
>
> Not shown: 65524 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 443/tcp open https
> 1720/tcp filtered H.323/Q.931
> 3306/tcp open mysql
> 6666/tcp filtered irc
> 6667/tcp filtered irc
> 6668/tcp filtered irc
> 6669/tcp filtered irc
> 12121/tcp open unknown
>
> So I have 1720, 6666, 6667, 6668 and 6669 open and nmap is ignoring them.
> Isn't that conclusive evidence that nmap on the suspected machine is some
> hacker's version?
filtered != open
Filtered means that a firewall, filter,
or other network obstacle is blocking the port so that Nmap cannot tell whether
it is open or closed. -- man nmap
The only unusual thing here is that port 12121. netstat -p can probably
tell you what program is listening on that port. (Well, I don't know why
you have a SQL server listening for connections from the outside world
either.)
--
see shy jo
Attachment:
signature.asc
Description: Digital signature