Sounds like exactly what you're seeing, I know our watchguard firebox proxies FTP connections so it looks like every box has FTP installed even if they don't.
-Drew
-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Scot L. Harris
Sent: Wednesday, August 17, 2005 3:08 PM
To: CentOS mailing list
Subject: Re: Strange TCP ports phenomena
On Wed, 2005-08-17 at 14:31, Dominik Sk?adanowski wrote:
> Hello list.
>
> I have new server on CentOS 4.1 - fresh installation. During security
> tests I've noticed:
>
> When I scan server ports (nmap) from the outside there is 21 tcp port
> open. But when I check on the server (netstat -tan or lsof -i) there is
> no any open 21 tcp port.
>
> Any ideas? To be honest I'm confused.
>
> Regards
>
> P.S.: of course I don't have started FTP service. Even I don't have
> installed FTP server.
Do you have a router/firewall in front of your server? If you are using
something like http://www.grc.com to scan from the Internet you are
probably getting a response from the router/firewall in front of your
server not from the server itself.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
