I have Firestarter installed on FC4 with a very simple ruleset: block everything but 80, 22, and 10000 (HTTP, SSH, and Webmin). However, when I do an nmap scan of my server, I get this:
Code:
G:\Apps\nmap>nmap -v 209.31.xxx.xxx
Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-02-18 14:48 Eastern
Standard Time
DNS resolution of 1 IPs took 0.02s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF:
0, TR: 1, CN: 0]
Initiating SYN Stealth Scan against engineer.xxxx.org.xxx.31.209.in-addr.arpa (2
09.31.146.79) [1672 ports] at 14:48
Discovered open port 554/tcp on 209.31.xxx.xxx
Discovered open port 22/tcp on 209.31.xxx.xxx
Discovered open port 1723/tcp on 209.31.xxx.xxx
Discovered open port 80/tcp on 209.31.xxx.xxx
Discovered open port 21/tcp on 209.31.xxx.xxx
Discovered open port 10000/tcp on 209.31.xxx.xxx
SYN Stealth Scan Timing: About 7.94% done; ETC: 14:54 (0:05:49 remaining)
Discovered open port 6666/tcp on 209.31.xxx.xxx
Discovered open port 6667/tcp on 209.31.xxx.xxx
Discovered open port 1720/tcp on 209.31.xxx.xxx
Discovered open port 6668/tcp on 209.31.xxx.xxx
SYN Stealth Scan Timing: About 47.26% done; ETC: 14:51 (0:01:44 remaining)
Discovered open port 7070/tcp on 209.31.xxx.xxx
Discovered open port 2000/tcp on 209.31.xxx.xxx
Discovered open port 1755/tcp on 209.31.xxx.xxx
The SYN Stealth Scan took 151.36s to scan 1672 total ports.
Host engineer.xxxx.org.xxx.31.209.in-addr.arpa (209.31.xxx.xxx) appears to be up
... good.
Interesting ports on engineer.xxxx.org.xxx.31.209.in-addr.arpa (209.31.xxx.xxx):
(The 1659 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
554/tcp open rtsp
1720/tcp open H.323/Q.931
1723/tcp open pptp
1755/tcp open wms
2000/tcp open callbook
6666/tcp open irc-serv
6667/tcp open irc
6668/tcp open irc
7070/tcp open realserver
10000/tcp open snet-sensor-mgmt
Nmap finished: 1 IP address (1 host up) scanned in 152.109 seconds
Raw packets sent: 6687 (294KB) | Rcvd: 134 (6524B)
G:\Apps\nmap>
What's up?
