LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-01-2018, 03:01 PM   #1
mtdew3q
Member
 
Registered: Mar 2006
Location: upstate NY
Distribution: fedora XFCE 24
Posts: 398

Rep: Reputation: 17
port 5432 open nmap online but closed status with firewalld and local nmap scan


hi-

The online scanners are showing port 5432 open.

My firewalld lissing of all zones, scan of 10.x.x.x for private network, and nmap scan all show it is not open. I get 2 different results from online nmap and local nmap with gui.

Is there a way I can force my computer to recognize that I want 5432 closed?

thx.
 
Old 06-01-2018, 03:11 PM   #2
mtdew3q
Member
 
Registered: Mar 2006
Location: upstate NY
Distribution: fedora XFCE 24
Posts: 398

Original Poster
Rep: Reputation: 17
Hi-

I googled it.

I got this feedback:

The most likely case is that the port is open, but something is blocking that port on your end. The online Nmap scan is run from a different network, so it does not have the same restriction.

now i can scan for viruses.

thx.
 
Old 06-01-2018, 03:39 PM   #3
mtdew3q
Member
 
Registered: Mar 2006
Location: upstate NY
Distribution: fedora XFCE 24
Posts: 398

Original Poster
Rep: Reputation: 17
hi-

I might have figured out part of this. I am scanning for viruses now. The modem is connected to my computer. The modem may have some kind of firewall on it. I imagine the port is open on that modem. I don't have the router hooked up yet because I want to be more certain I scan for malware before resetting it. My software firewall is blocking 5432. I had router malware (FBI) on my machine. Trying to get rid of it.

That is the latest theory.

thx.-
mtdew3q

Last edited by mtdew3q; 06-01-2018 at 03:41 PM.
 
Old 06-01-2018, 04:20 PM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,343
Blog Entries: 36

Rep: Reputation: Disabled
Port 5432 is Postgres?

-p port
Specifies the TCP/IP port or local Unix domain socket file extension on which postgres is to listen for connections from client applications. Defaults to the value of the PGPORT environment variable, or if PGPORT is not set, then defaults to the value established during compilation (normally 5432). If you specify a port other than the default port, then all client applications must specify the same port using either command-line options or PGPORT.

from
https://www.google.com/search?q=lsof+-i+%3A5432
 
Old 06-01-2018, 08:20 PM   #5
DevGuy
LQ Newbie
 
Registered: May 2018
Location: London
Distribution: CentOS 7.5
Posts: 17

Rep: Reputation: Disabled
If the scan says your port is open then it must be because it is returning a response to the scanner. It is unlikely something other than your server software returning a response.

Here's a scan of my server from pentest-tools.com. Only ports detected open are those I have chosen to be open from the iptables:

Quote:
Starting Nmap ( https://nmap.org ) at 2018-06-02 00:10 UTC
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 00:10
Scanning xxxxxxxxxx.com (xx.xxx.xxx.xx) [4 ports]
Completed Ping Scan at 00:10, 0.20s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 00:10
Scanning xxxxxxxxxx.com (xx.xxx.xxx.xx) [100 ports]
Discovered open port 53/tcp on xx.xxx.xxx.xx
Discovered open port 443/tcp on xx.xxx.xxx.xx
Discovered open port 25/tcp on xx.xxx.xxx.xx
Discovered open port 80/tcp on xx.xxx.xxx.xx
Completed SYN Stealth Scan at 00:10, 2.37s elapsed (100 total ports)
Initiating Service scan at 00:10
Scanning 4 services on xxxxxxxxxx.com (xx.xxx.xxx.xx)
Completed Service scan at 00:10, 13.98s elapsed (4 services on 1 host)
NSE: Script scanning xx.xxx.xxx.xx.
Initiating NSE at 00:10
Completed NSE at 00:10, 0.88s elapsed
Initiating NSE at 00:10
Completed NSE at 00:10, 0.00s elapsed
Nmap scan report for xxxxxxxxxx.com (xx.xxx.xxx.xx)
Host is up (0.097s latency).
Not shown: 96 filtered ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.9.4
80/tcp open http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6)
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
Service Info: OS: Red Hat Enterprise Linux 7; CPE: cpe:/o:redhat:enterprise_linux:7
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.15 seconds
Raw packets sent: 196 (8.600KB) | Rcvd: 15 (880B)
 
Old 06-01-2018, 09:34 PM   #6
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,480

Rep: Reputation: 997Reputation: 997Reputation: 997Reputation: 997Reputation: 997Reputation: 997Reputation: 997Reputation: 997
You could have a look at netstat -l.
 
Old 06-04-2018, 07:20 PM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,343
Blog Entries: 36

Rep: Reputation: Disabled
down and dirty test
Code:
telnet localhost 5432
Inconclusive but may yield a "banner" if service-related.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IP Tables shows port open, nmap shows port closed tkinsella Linux - Security 4 09-12-2014 03:43 AM
LXer: Learn how to use nmap, and nmap GUI, a great port scan tool LXer Syndicated Linux News 0 01-03-2008 10:10 AM
Tried to open a port, but nmap says it is still closed ErrorBound Debian 2 06-06-2007 07:41 AM
nmap shows port 80 open on WAN IP scan. NuxIT Linux - Security 10 06-24-2006 02:21 AM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 01:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration