Hello to everyone on the list. It is my first message in a while.

I have recently changed my internet provider as I have moved. My previous provider was a DSL provider and the current one is the local cable operator. Now with the current provider port 80 is shown open in every port scan test, all other ports being shown as stealth. But with the previous provider, every port scanned was shown as stealth. I am not running any web service. The change in software is the one that is used to authenticate. Previously it was rp-pppoe; now it is the GNU/Linux client of the Cyberoam software.

Output from lsof:
sudo /bin/lsof -i
COMMAND    PID   USER   FD   TYPE DEVICE SIZE NODE NAME
pdnsd     1207 nobody    4u  IPv4   2434       TCP localhost:domain (LISTEN)
pdnsd     1207 nobody    5u  IPv4   2435       UDP localhost:domain
pdnsd     1207 nobody    8u  IPv4  81232       UDP 172.16.37.164:40131->AS-20144-has-not-REGISTERED-the-use-of-this-prefix:domain
linc      1214   root    5u  IPv4   2448       UDP *:55089
ntpd      1216   root   16u  IPv4   2451       UDP *:ntp
ntpd      1216   root   17u  IPv4   2455       UDP localhost:ntp
ntpd      1216   root   18u  IPv4   2456       UDP 172.16.37.164:ntp
X         1377   root    1u  IPv4   2964       TCP *:x11 (LISTEN)
gweather- 1538 partha   18u  IPv4  78973       TCP 172.16.37.164:53421->a125-56.222-11.deploy.akamaitechnologies.com:http (CLOSE_WAIT)


Iptables configuration:

sudo /sbin/iptables-save
# Generated by iptables-save v1.4.7 on Wed Mar 30 13:59:44 2011
*filter
:INPUT DROP [2844:282816]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9999:990098]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
COMMIT
# Completed on Wed Mar 30 13:59:44 2011

With my new provider, I have to provide a static IP 172.16.37.x to eth0 and then start the linc daemon to authenticate; after that I am allocated a public IP.

Now my question is: why is port 80 open and does it indicate any security vulnerability?
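
One way to cross-check the two listings in the message above, as an added example that is not part of the original post: it extracts the listening sockets from the lsof output and tests whether the INPUT chain would accept a new connection to each. The rule matcher handles only the options that appear in this ruleset, and the service-name table and function names are assumptions of the example.

```python
import re

# Lines copied from the lsof and iptables-save output in the post.
LSOF = """\
pdnsd 1207 nobody 4u IPv4 2434 TCP localhost:domain (LISTEN)
linc      1214   root    5u  IPv4   2448       UDP *:55089
ntpd      1216   root   16u  IPv4   2451       UDP *:ntp
X         1377   root    1u  IPv4   2964       TCP *:x11 (LISTEN)
gweather- 1538 partha 18u IPv4 78973 TCP 172.16.37.164:53421->a125-56.222-11.deploy.akamaitechnologies.com:http (CLOSE_WAIT)
"""
IPTABLES = """\
:INPUT DROP [2844:282816]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
"""
SERVICES = {"domain": 53, "ntp": 123, "x11": 6000, "http": 80}  # names lsof printed

def listeners(lsof_text):
    """Return {(proto, addr, port)} for sockets waiting for inbound traffic."""
    found = set()
    for line in lsof_text.splitlines():
        m = re.search(r"\b(TCP|UDP)\s+(\S+)(.*)", line)
        # Skip non-socket lines, connected sockets, and TCP not in LISTEN.
        if not m or "->" in m[2] or (m[1] == "TCP" and "LISTEN" not in m[3]):
            continue
        addr, _, port = m[2].rpartition(":")
        found.add((m[1].lower(), addr, SERVICES.get(port) or int(port)))
    return found

def accepts_new(rules_text, proto, port, iface="eth0"):
    """True if a NEW inbound packet to proto/port on iface ends in ACCEPT."""
    policy = re.search(r"^:INPUT (\S+)", rules_text, re.M).group(1)
    for line in (l for l in rules_text.splitlines() if l.startswith("-A INPUT")):
        t = line.split()
        opt = {t[i]: t[i + 1] for i in range(len(t) - 1) if t[i].startswith("-")}
        if (opt.get("-i", iface) != iface or opt.get("-p", proto) != proto
                or "NEW" not in opt.get("--state", "NEW").split(",")
                or opt.get("--dport", str(port)) != str(port)):
            continue  # rule does not match this packet
        return opt.get("-j") == "ACCEPT"  # first matching rule decides
    return policy == "ACCEPT"

def exposed(lsof_text, rules_text):
    """Non-loopback listeners that the INPUT chain lets a remote host reach."""
    return sorted((p, a, n) for p, a, n in listeners(lsof_text)
                  if a != "localhost" and accepts_new(rules_text, p, n))
```

For the post's data `exposed()` returns an empty list, no socket on the host is bound to port 80, and no INPUT rule accepts a new connection to it on eth0.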
