Nmap says port is open after I tried to close it

mtdew3q · 05-26-2020, 05:20 PM

Hi all-

I am running kubuntu 18.04. My UFW looks like this:

Status: active

To Action From
-- ------ ----
6600/tcp DENY Anywhere
6600/udp DENY Anywhere
6600 DENY Anywhere
6600/tcp (v6) DENY Anywhere (v6)
6600/udp (v6) DENY Anywhere (v6)
6600 (v6) DENY Anywhere (v6)

6600 DENY OUT Anywhere
6600 (v6) DENY OUT Anywhere (v6)

I tried this scan as a regular user:
nmap -p0- -v -A -T4 myipaddress
PORT STATE SERVICE VERSION
1716/tcp open xmsg?
6600/tcp open mpd Music Player Daemon 0.20.0

also:
nmap -p 6600 myipaddress
PORT STATE SERVICE
6600/tcp open mshvlm

I don't get it. I don't want 6600 open but i can't
change the status on a scan.

The other port has kdeconnect listening so I don't mind.

The 2 ports scans are conflicting what service they are.

Any ideas why it won't close or go to filtered?

It is being caused by something called syn-ack.
I am not sure why it doesn't get the acknowledgement so it can be marked filtered
or closed.

thanks,
roboloki

michaelk · 05-26-2020, 07:35 PM

May not be the answer you are looking for but change the bind_to_address in the configuration file from "any" to localhost i.e.

bind_to_address "127.0.0.1"

If the mpd daemon is not listening on the ethernet adapter then it does not matter if the firewall is open or closed for that port. Be sure to restart mpd

The default port is 6600 but the service as defined in the /etc/services file is mshvlm. This is the official service as assigned by IANA.

UFW is just a front end for iptables. Post the output of the command
sudo iptables -L

mtdew3q · 05-26-2020, 07:36 PM

HI all-

It seems that this is a non-issue for security. First off, I apologize not tagging this in the security forum. I fell asleep and misdirected this thread.

$ nmap --reason -p 6600 myipaddress

Starting Nmap 7.60 ( https://nmap.org ) at 2020-05-26 20:11 EDT
Nmap scan report for me (myipaddress)
Host is up, received conn-refused (0.000061s latency).

PORT STATE SERVICE REASON
6600/tcp open mshvlm syn-ack

This is all greek to me, but it looks like they tried to
send a syn and the the syn/ack response got blocked which
is not really a bad thing. There is no service on that port
that is running.

Since the connection is 'refused', I no longer care why
since I wanted the port closed anyway.

thanks,
roboloki

mtdew3q · 05-26-2020, 07:45 PM

Hi Michaelk-

yes, I agree. Nothing is listening. Thanks for the very cool help. I will boost your rating! I will restart mpd.

have a cool night,
roboloki