Re: [plug] CentOS 5.3 port 21 open which should not be

[Tambeling, Edwin]

Hi Iris,

    It is OK as long no services running bind in this port..Try to disable the 
ref file /etc/services the comment the ftp/21  then reboot. Try to check also 
your xinetd and inetd ref files check the FTP.

-----Original Message-----
From: plug-boun...@lists.linux.org.ph [mailto:plug-boun...@lists.linux.org.ph] 
On Behalf Of plug-requ...@lists.linux.org.ph
Sent: Monday, June 08, 2009 9:49 AM
To: plug@lists.linux.org.ph
Subject: PLUG Digest, Vol 51, Issue 9

Send PLUG mailing list submissions to
        plug@lists.linux.org.ph

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.linux.org.ph/mailman/listinfo/plug
or, via email, send a message with subject or body 'help' to
        plug-requ...@lists.linux.org.ph

You can reach the person managing the list at
        plug-ow...@lists.linux.org.ph

When replying, please edit your Subject line so it is more specific
than "Re: Contents of PLUG digest..."


Today's Topics:

   1. johngarci...@gmail.com has sent you a private message (John R)
   2. CentOS 5.3 port 21 open which should not be (Iris Lames)
   3. Re: CentOS 5.3 port 21 open which should not be (John Peter Loh)
   4. Re: CentOS 5.3 port 21 open which should not be (Iris Lames)


----------------------------------------------------------------------

Message: 1
Date: Sun,  7 Jun 2009 15:54:18 +0800 (PHT)
From: "John R" <nore...@ci.faniq.com>
Subject: [plug] johngarci...@gmail.com has sent you a private message
To: plug@lists.linux.org.ph
Message-ID: <20090607075418.a4bd93070f...@amanpulo.fs3.ph>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: 
http://lists.linux.org.ph/mailman/private/plug/attachments/20090607/7eed2a0d/attachment.htm

------------------------------

Message: 2
Date: Mon, 8 Jun 2009 09:12:13 +0800
From: Iris Lames <iris.la...@gmail.com>
Subject: [plug] CentOS 5.3 port 21 open which should not be
To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
        <plug@lists.linux.org.ph>
Message-ID:
        <ac0802dc0906071812y42dc4a58n73b4b176e168f...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I have a squid with ldap auth; dansguardian; sarg and httpd running on
CentOS 5.3. I'm worried when I nmap this server and found out that port 21
(ftp) is open. I dont install any ftp application. Any ideas what may have
caused it and how could i close it? Please help.

*#nmap myserver*
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    filtered ssh
80/tcp    filtered http
389/tcp   filtered ldap
443/tcp   filtered https
993/tcp   filtered imaps
8080/tcp  filtered http-proxy

*#rpm -qa | grep ftp*
answer none

*#netstat -nap *
[r...@pusit ~]# netstat -aunt | grep LISTEN
tcp        0      0 0.0.0.0:8080                0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:3128                0.0.0.0:*
LISTEN
tcp        0      0 :::80                       :::*
LISTEN
tcp        0      0 :::22                       :::*
LISTEN
tcp        0      0 :::443                      :::*
LISTEN
tcp        0      0 :::8443                     :::*
LISTEN


*# chkconfig --list | grep 3:on*
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
dansguardian    0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
restorecond     0:off   1:off   2:on    3:on    4:on    5:on    6:off
squid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

*#service xinetd status*
xinetd: unrecognized service


Please help.

Thanks.

--
Iris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
http://lists.linux.org.ph/mailman/private/plug/attachments/20090608/85465ef1/attachment.htm

------------------------------

Message: 3
Date: Mon, 8 Jun 2009 09:21:48 +0800
From: John Peter Loh <j.peter...@gmail.com>
Subject: Re: [plug] CentOS 5.3 port 21 open which should not be
To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
        <plug@lists.linux.org.ph>
Message-ID:
        <1a51d46e0906071821g4e8edf39q81b6ca0b6f1f1...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

You can use lsof to find the application and other details that's
bound to the port.

#lsof -i :21

Did you try connecting to the FTP port just to see the welcome message?

On Mon, Jun 8, 2009 at 09:12, Iris Lames<iris.la...@gmail.com> wrote:
> Hi,
>
> I have a squid with ldap auth; dansguardian; sarg and httpd running on
> CentOS 5.3. I'm worried when I nmap this server and found out that port 21
> (ftp) is open. I dont install any ftp application. Any ideas what may have
> caused it and how could i close it? Please help.
>
> #nmap myserver
> PORT????? STATE??? SERVICE
> 21/tcp??? open???? ftp
> 22/tcp??? filtered ssh
> 80/tcp??? filtered http
> 389/tcp?? filtered ldap
> 443/tcp?? filtered https
> 993/tcp?? filtered imaps
> 8080/tcp? filtered http-proxy
>
> #rpm -qa | grep ftp
> answer none
>
> #netstat -nap
> [r...@pusit ~]# netstat -aunt | grep LISTEN
> tcp??????? 0????? 0 0.0.0.0:8080??????????????? 0.0.0.0:*
> LISTEN
> tcp??????? 0????? 0 0.0.0.0:3128??????????????? 0.0.0.0:*
> LISTEN
> tcp??????? 0????? 0 :::80?????????????????????? :::*
> LISTEN
> tcp??????? 0????? 0 :::22?????????????????????? :::*
> LISTEN
> tcp??????? 0????? 0 :::443????????????????????? :::*
> LISTEN
> tcp??????? 0????? 0 :::8443???????????????????? :::*
> LISTEN
>
>
> # chkconfig --list | grep 3:on
> crond?????????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> dansguardian??? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> haldaemon?????? 0:off?? 1:off?? 2:off?? 3:on??? 4:on??? 5:on??? 6:off
> httpd?????????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> iptables??????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> kudzu?????????? 0:off?? 1:off?? 2:off?? 3:on??? 4:on??? 5:on??? 6:off
> lvm2-monitor??? 0:off?? 1:on??? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> mcstrans??????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> messagebus????? 0:off?? 1:off?? 2:off?? 3:on??? 4:on??? 5:on??? 6:off
> netfs?????????? 0:off?? 1:off?? 2:off?? 3:on??? 4:on??? 5:on??? 6:off
> network???????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> restorecond???? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> squid?????????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> sshd??????????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
> syslog????????? 0:off?? 1:off?? 2:on??? 3:on??? 4:on??? 5:on??? 6:off
>
> #service xinetd status
> xinetd: unrecognized service
>
>
> Please help.
>
> Thanks.
>
> --
> Iris
>
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
>

------------------------------

Message: 4
Date: Mon, 8 Jun 2009 09:48:34 +0800
From: Iris Lames <iris.la...@gmail.com>
Subject: Re: [plug] CentOS 5.3 port 21 open which should not be
To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
        <plug@lists.linux.org.ph>
Message-ID:
        <ac0802dc0906071848veb5c3b6o41b723894f304...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi John,

Here's the results:

# lsof -i :21
returns nothing

I did try to connect to this port:
*#ftp myserver*
Connected to xx.xx.xx ( xx.xx.xx.xx).
421 Service not available, remote server has closed connection

*Does not say any welcome message.* *Does not give me prompt.

*
It's weird.

--
Iris


On Mon, Jun 8, 2009 at 9:21 AM, John Peter Loh <j.peter...@gmail.com> wrote:

> You can use lsof to find the application and other details that's
> bound to the port.
>
> #lsof -i :21
>
> Did you try connecting to the FTP port just to see the welcome message?
>
> On Mon, Jun 8, 2009 at 09:12, Iris Lames<iris.la...@gmail.com> wrote:
> > Hi,
> >
> > I have a squid with ldap auth; dansguardian; sarg and httpd running on
> > CentOS 5.3. I'm worried when I nmap this server and found out that port
> 21
> > (ftp) is open. I dont install any ftp application. Any ideas what may
> have
> > caused it and how could i close it? Please help.
> >
> > #nmap myserver
> > PORT      STATE    SERVICE
> > 21/tcp    open     ftp
> > 22/tcp    filtered ssh
> > 80/tcp    filtered http
> > 389/tcp   filtered ldap
> > 443/tcp   filtered https
> > 993/tcp   filtered imaps
> > 8080/tcp  filtered http-proxy
> >
> > #rpm -qa | grep ftp
> > answer none
> >
> > #netstat -nap
> > [r...@pusit ~]# netstat -aunt | grep LISTEN
> > tcp        0      0 0.0.0.0:8080                0.0.0.0:*
> > LISTEN
> > tcp        0      0 0.0.0.0:3128                0.0.0.0:*
> > LISTEN
> > tcp        0      0 :::80                       :::*
> > LISTEN
> > tcp        0      0 :::22                       :::*
> > LISTEN
> > tcp        0      0 :::443                      :::*
> > LISTEN
> > tcp        0      0 :::8443                     :::*
> > LISTEN
> >
> >
> > # chkconfig --list | grep 3:on
> > crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > dansguardian    0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
> > mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > restorecond     0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > squid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
> >
> > #service xinetd status
> > xinetd: unrecognized service
> >
> >
> > Please help.
> >
> > Thanks.
> >
> > --
> > Iris
> >
> > _________________________________________________
> > Philippine Linux Users' Group (PLUG) Mailing List
> > http://lists.linux.org.ph/mailman/listinfo/plug
> > Searchable Archives: http://archives.free.net.ph
> >
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
http://lists.linux.org.ph/mailman/private/plug/attachments/20090608/042cd852/attachment.htm

------------------------------

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

End of PLUG Digest, Vol 51, Issue 9
***********************************
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph