Old 08-20-2008, 12:46 PM   #1
GSMD
Member
 
Registered: Dec 2005
Distribution: Gentoo
Posts: 87

Rep: Reputation: 16
nmap reports 5190/tcp to be open


Got a Gentoo box, firewalled.
Code:
sh ~ # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  localhost            anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
fuser -n tcp 5190 doesn't report anything, neither does netstat -lnp. Still,
Code:
nmap -v myhost.mydomain # run this from another box
...
5190/tcp open  aol
...
Chkrootkit finds nothing suspicious. Tcpdump shows no activity over this port.
Any ideas how this could be?

P.S.
Code:
sh ~ # tcpdump port 5190
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
18:18:56.597679 IP 110-181-113-92.pool.ukrtel.net.3335 > my.slice.domain.aol: S 2231719593:2231719593(0) win 5808 <mss 1452,sackOK,timestamp 70335246[|tcp]>
18:18:59.593850 IP 110-181-113-92.pool.ukrtel.net.3335 > my.slice.domain.aol: S 2231719593:2231719593(0) win 5808 <mss 1452,sackOK,timestamp 70335846[|tcp]>

3 packets captured
3 packets received by filter
0 packets dropped by kernel
So packets actually get to the server without being filtered by the ISP or something.

TIA.

Last edited by GSMD; 08-20-2008 at 01:30 PM.
 
Old 08-20-2008, 03:51 PM   #2
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,439
Blog Entries: 1

Rep: Reputation: 66
Never mind, I didn't see your report about netstat....

Last edited by marozsas; 08-20-2008 at 03:54 PM.
 
Old 08-20-2008, 03:57 PM   #3
GSMD
Member
 
Registered: Dec 2005
Distribution: Gentoo
Posts: 87

Original Poster
Rep: Reputation: 16
OK, I've figured it out.
Code:
localhost ~ # nmap slicehost.com # this is from my box

Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-20 23:04 UTC
Interesting ports on www.slicehost.com (67.207.128.80):
Not shown: 1709 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
1720/tcp filtered H.323/Q.931
5190/tcp open aol

sh ~ # nmap slicehost.com # from slice

Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-20 20:08 UTC
Interesting ports on www.slicehost.com (67.207.128.80):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
Both are running the very same nmap on Gentoo. I think it's my D-Link router that is causing the issue.
http://forum.slicehost.com/comments....cussionID=2249
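
The comparison in post #3, scanning the same target from two vantage points, can be scripted. The following is an added example, not part of the original thread: it parses the two nmap listings quoted above, gives ports missing from a listing the state named on its `Not shown:` line, and reports the ports whose state depends on where the scan was run. The function names and the `home`/`slice` labels are assumptions made for the example.

```python
import re

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")
HIDDEN_RE = re.compile(r"^Not shown: \d+ (\S+) ports")

def parse_nmap(text):
    """Return ({(port, proto): state}, state of the ports nmap did not list)."""
    listed, hidden = {}, "unknown"
    for line in text.splitlines():
        line = line.strip()
        m = HIDDEN_RE.match(line)
        if m:
            hidden = m.group(1)  # e.g. "closed" in "Not shown: 1709 closed ports"
            continue
        m = PORT_RE.match(line)
        if m:
            listed[(int(m.group(1)), m.group(2))] = m.group(3)
    return listed, hidden

def vantage_diff(scans):
    """scans maps a vantage label to nmap text output for the same target.
    Returns {(port, proto): {vantage: state}} for ports whose state differs."""
    parsed = {name: parse_nmap(text) for name, text in scans.items()}
    ports = {key for listed, _ in parsed.values() for key in listed}
    diff = {}
    for key in sorted(ports):
        # A port absent from one listing takes that listing's "Not shown" state.
        states = {name: listed.get(key, hidden)
                  for name, (listed, hidden) in parsed.items()}
        if len(set(states.values())) > 1:
            diff[key] = states
    return diff

# Port tables copied from the two scans in post #3 (labels are assumed).
HOME_SCAN = """Not shown: 1709 closed ports
22/tcp open ssh
25/tcp open smtp
80/tcp open http
1720/tcp filtered H.323/Q.931
5190/tcp open aol"""
SLICE_SCAN = """Not shown: 1711 closed ports
22/tcp open ssh
25/tcp open smtp
80/tcp open http"""

if __name__ == "__main__":
    for (port, proto), states in vantage_diff({"home": HOME_SCAN, "slice": SLICE_SCAN}).items():
        print(f"{port}/{proto}: {states}")
```

A port that is open from only one vantage point, as 5190/tcp is here, is consistent with something on that vantage point's network path answering in place of the target.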
 
  

