Port 21, 23, and 80 are open according to Shields Up at grc.com
Miguel.Laborde at qlogitek.com
Mon Sep 13 17:21:13 CEST 2004
Something else you can try is using the lsof command.
Give lsof -i tcp:21 a try and see what it returns. If you have something running on that port it will tell you its name and PID.
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org]On Behalf Of Mike
Sent: Monday, September 13, 2004 11:18 AM
To: Jason Opperisano
Cc: netfilter at lists.netfilter.org
Subject: Re: Port 21, 23, and 80 are open according to Shields Up at
Thanks for the guidance.
There's definitely no DNATing/PREROUTING currently set up in the
iptables firewall. So, I guess the only thing that could explain port
21 and/or 23 is there must be an ftp daemon using those ports.
As for port 80, I wonder if it's got anything to do with Apache
running the intranet webserver inside the LAN. I don't believe I've
got apache even installed on the routerbox.
Well, enough guessing. I'll try some netstat research and see what
percolates to the surface.
On Mon, 13 Sep 2004 08:53:07 -0400, Jason Opperisano <opie at 817west.com> wrote:
> you need to keep in mind that if your netfilter box is performing
> MASQ/SNAT for your LAN machines--the IP being scanned by grc.com is the
> public IP of the netfilter box.
> unless you're doing some DNATs to machines on your LAN--you should focus
> your efforts on the netfilter machine itself.
> "netstat -lntu" would be a good place to start.
> i've always questioned the output of web-based scanners like grc.com;
> however, i just went to grc.com and tried it out, and achieved a
> *perfect* "TruStealth" rating...which must mean i'm super l33t like
> stevie... :-P
> Jason Opperisano <opie at 817west.com>
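As an added example (not part of the original thread), here is a small shell filter for the `netstat -lntu` output suggested above. For ports 21, 23 and 80 it reports which local address each listener is bound to, or that nothing is listening; the function names `check_listeners` and `sample_netstat` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners found in `netstat -lntu` output.
# check_listeners and sample_netstat are hypothetical helper names.

# Usage on a live box: netstat -lntu | check_listeners 21,23,80
check_listeners() {
    awk -v ports="$1" '
    BEGIN { n = split(ports, p, ",")
            for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        la = $4                              # Local Address column
        pos = match(la, /:[0-9]+$/)          # last colon plus port number
        if (!pos) next
        port = substr(la, pos + 1)
        addr = substr(la, 1, pos - 1)
        if (!(port in want)) next
        seen[port] = 1
        # A loopback-only listener cannot be reached by an outside scanner.
        if (addr ~ /^127\./ || addr == "::1") scope = "loopback-only"
        else if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
        else scope = "single-address"
        print $1, port, addr, scope
    }
    # Ports with no local daemon: look at NAT rules instead.
    END { for (i = 1; i <= n; i++)
              if (!(p[i] in seen)) print "-", p[i], "-", "no-listener" }'
}

# Constructed sample output, not taken from the thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

sample_netstat | check_listeners 21,23,80
```

Each output line is protocol, port, bound address and scope. The PID and name of the owning process still come from `lsof -i tcp:21` as suggested in the reply above.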