nmap reports 5190/tcp to be open
Got a Gentoo box, firewalled.
Code:
sh ~ # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  localhost            anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
fuser -n tcp 5190 doesn't report anything, neither does netstat -lnp. Still,
Code:
nmap -v myhost.mydomain # run this from another box
...
5190/tcp open aol
...
Chkrootkit finds nothing suspicious. Tcpdump shows no activity over this port.
Any ideas how this could be?
P.S.
Code:
sh ~ # tcpdump port 5190
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
18:18:56.597679 IP 110-181-113-92.pool.ukrtel.net.3335 > my.slice.domain.aol: S 2231719593:2231719593(0) win 5808 <mss 1452,sackOK,timestamp 70335246[|tcp]>
18:18:59.593850 IP 110-181-113-92.pool.ukrtel.net.3335 > my.slice.domain.aol: S 2231719593:2231719593(0) win 5808 <mss 1452,sackOK,timestamp 70335846[|tcp]>
3 packets captured
3 packets received by filter
0 packets dropped by kernel
So packets actually get to the server, not getting filtered by the ISP or something.
TIA.