port 5432 open nmap online but closed status with firewalld and local nmap scan

mtdew3q · 06-01-2018, 03:01 PM

hi-

The online scanners are showing port 5432 open.

My firewalld lissing of all zones, scan of 10.x.x.x for private network, and nmap scan all show it is not open. I get 2 different results from online nmap and local nmap with gui.

Is there a way I can force my computer to recognize that I want 5432 closed?

thx.

mtdew3q · 06-01-2018, 03:11 PM

Hi-

I googled it.

I got this feedback:

The most likely case is that the port is open, but something is blocking that port on your end. The online Nmap scan is run from a different network, so it does not have the same restriction.

now i can scan for viruses.

thx.

mtdew3q · 06-01-2018, 03:39 PM

hi-

I might have figured out part of this. I am scanning for viruses now. The modem is connected to my computer. The modem may have some kind of firewall on it. I imagine the port is open on that modem. I don't have the router hooked up yet because I want to be more certain I scan for malware before resetting it. My software firewall is blocking 5432. I had router malware (FBI) on my machine. Trying to get rid of it.

That is the latest theory.

thx.-
mtdew3q

Habitual · 06-01-2018, 04:20 PM

Port 5432 is Postgres?

-p port
Specifies the TCP/IP port or local Unix domain socket file extension on which postgres is to listen for connections from client applications. Defaults to the value of the PGPORT environment variable, or if PGPORT is not set, then defaults to the value established during compilation (normally 5432). If you specify a port other than the default port, then all client applications must specify the same port using either command-line options or PGPORT.

from
https://www.google.com/search?q=lsof+-i+%3A5432

DevGuy · 06-01-2018, 08:20 PM

If the scan says your port is open then it must be because it is returning a response to the scanner. It is unlikely something other than your server software returning a response.

Here's a scan of my server from pentest-tools.com. Only ports detected open are those I have chosen to be open from the iptables:

Quote:

Starting Nmap ( https://nmap.org ) at 2018-06-02 00:10 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 00:10
Scanning xxxxxxxxxx.com (xx.xxx.xxx.xx) [4 ports]
Completed Ping Scan at 00:10, 0.20s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 00:10
Scanning xxxxxxxxxx.com (xx.xxx.xxx.xx) [100 ports]
Discovered open port 53/tcp on xx.xxx.xxx.xx
Discovered open port 443/tcp on xx.xxx.xxx.xx
Discovered open port 25/tcp on xx.xxx.xxx.xx
Discovered open port 80/tcp on xx.xxx.xxx.xx
Completed SYN Stealth Scan at 00:10, 2.37s elapsed (100 total ports)
Initiating Service scan at 00:10
Scanning 4 services on xxxxxxxxxx.com (xx.xxx.xxx.xx)
Completed Service scan at 00:10, 13.98s elapsed (4 services on 1 host)
NSE: Script scanning xx.xxx.xxx.xx.
Initiating NSE at 00:10
Completed NSE at 00:10, 0.88s elapsed
Initiating NSE at 00:10
Completed NSE at 00:10, 0.00s elapsed
Nmap scan report for xxxxxxxxxx.com (xx.xxx.xxx.xx)
Host is up (0.097s latency).
Not shown: 96 filtered ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.9.4
80/tcp open http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6)
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
Service Info: OS: Red Hat Enterprise Linux 7; CPE: cpe:/o:redhat:enterprise_linux:7
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.15 seconds
Raw packets sent: 196 (8.600KB) | Rcvd: 15 (880B)

AwesomeMachine · 06-01-2018, 09:34 PM

You could have a look at netstat -l.

Habitual · 06-04-2018, 07:20 PM

down and dirty test

Code:

telnet localhost 5432

Inconclusive but may yield a "banner" if service-related.