Port 80 is shown open in port scan without any web server running

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hallo to everyone on the list. It is my first message in a while.

I have recently changed my internet provider as i have moved. My previous provider was a DSL provider and the current one is the local cable operator.Now with current provider port 80 is shown open in every port scan test , all other ports being shown as stealth. But with the previous provider , every port scanned was shown as stealth. I am not running any web service . And the change in software being the one that is used to authenticate. Previously it was rp-pppoe now it is the GNU/Linux client of cyberoam software.

Output from lsof:
sudo /bin/lsof -i
COMMAND    PID   USER   FD   TYPE DEVICE SIZE NODE NAME
pdnsd 1207 nobody 4u IPv4 2434 TCP localhost:domain (LISTEN)
pdnsd     1207 nobody    5u  IPv4   2435       UDP localhost:domain
pdnsd 1207 nobody 8u IPv4 81232 UDP 172.16.37.164:40131->AS-20144-has-not-REGISTERED-the-use-of-this-prefix:domain
linc      1214   root    5u  IPv4   2448       UDP *:55089
ntpd      1216   root   16u  IPv4   2451       UDP *:ntp
ntpd      1216   root   17u  IPv4   2455       UDP localhost:ntp
ntpd      1216   root   18u  IPv4   2456       UDP 172.16.37.164:ntp
X         1377   root    1u  IPv4   2964       TCP *:x11 (LISTEN)
gweather- 1538 partha 18u IPv4 78973 TCP 172.16.37.164:53421->a125-56.222-11.deploy.akamaitechnologies.com:http (CLOSE_WAIT)


Iptables configuration:

sudo /sbin/iptables-save
# Generated by iptables-save v1.4.7 on Wed Mar 30 13:59:44 2011
*filter
:INPUT DROP [2844:282816]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9999:990098]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
COMMIT
# Completed on Wed Mar 30 13:59:44 2011

With my new provider, I have to provide a static ip 172.16.37.x to eth0 and then start the linc daemon to authenticate, after that i am allocated a public ip.

Now my question is: why is port 80 open and does it indicate any security vulnerability ?



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux