Adam Hardy wrote: > Not shown: 65529 closed ports > PORT STATE SERVICE > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 443/tcp open https > 3306/tcp open mysql > 12121/tcp open unknown > > > But when I run nmap from my home machine to scan it remotely, I see these > extra ports are open: > > Not shown: 65524 closed ports > PORT STATE SERVICE > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 443/tcp open https > 1720/tcp filtered H.323/Q.931 > 3306/tcp open mysql > 6666/tcp filtered irc > 6667/tcp filtered irc > 6668/tcp filtered irc > 6669/tcp filtered irc > 12121/tcp open unknown > > So I have 1720, 6666, 6667, 6668 and 6669 open and nmap is ignoring them. > Isn't that conclusive evidence that nmap on the suspected machine is some > hacker's version?
filtered != open
Filtered means that a firewall, filter,
or other network obstacle is blocking the port so that Nmap cannot tell
whether
it is open or closed. -- man nmap
The only unusual thing here is that port 12121. netstat -p can probably
tell you what program is listening on that port. (Well, I don't know why
you have a SQL server listening for connections from the outside world
either.)
--
see shy jo
signature.asc
Description: Digital signature
