Sorry, but I would like to ask if you did the test on the same network or through a router or cable modem? I see that you did test using netstat but could you try using "netstat -lnpt" or if you still think that your machine is compromised just for a test could you try copying netstat binary from another machine of the same architechture? Hope that you could still respond. --Rod
John Peter Loh wrote: > You can use lsof to find the application and other details that's > bound to the port. > > #lsof -i :21 > > Did you try connecting to the FTP port just to see the welcome message? > > On Mon, Jun 8, 2009 at 09:12, Iris Lames<[email protected]> wrote: > >> Hi, >> >> I have a squid with ldap auth; dansguardian; sarg and httpd running on >> CentOS 5.3. I'm worried when I nmap this server and found out that port 21 >> (ftp) is open. I dont install any ftp application. Any ideas what may have >> caused it and how could i close it? Please help. >> >> #nmap myserver >> PORT STATE SERVICE >> 21/tcp open ftp >> 22/tcp filtered ssh >> 80/tcp filtered http >> 389/tcp filtered ldap >> 443/tcp filtered https >> 993/tcp filtered imaps >> 8080/tcp filtered http-proxy >> >> #rpm -qa | grep ftp >> answer none >> >> #netstat -nap >> [r...@pusit ~]# netstat -aunt | grep LISTEN >> tcp 0 0 0.0.0.0:8080 0.0.0.0:* >> LISTEN >> tcp 0 0 0.0.0.0:3128 0.0.0.0:* >> LISTEN >> tcp 0 0 :::80 :::* >> LISTEN >> tcp 0 0 :::22 :::* >> LISTEN >> tcp 0 0 :::443 :::* >> LISTEN >> tcp 0 0 :::8443 :::* >> LISTEN >> >> >> # chkconfig --list | grep 3:on >> crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> dansguardian 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off >> httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off >> lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off >> mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off >> netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off >> network 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> squid 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> >> #service xinetd status >> xinetd: unrecognized service >> >> >> Please help. >> >> Thanks. >> >> -- >> Iris >> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> >> > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
