Port 21, 23, and 80 are open according to Shields Up at grc.com

Miguel Laborde Miguel.Laborde at qlogitek.com
Mon Sep 13 17:21:13 CEST 2004

Something else you can try is using the lsof command.

Give lsof -i tcp:21 a try and see what it returns. If you have something running on that port it will tell you its name and PID.



-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org]On Behalf Of Mike
Sent: Monday, September 13, 2004 11:18 AM
To: Jason Opperisano
Cc: netfilter at lists.netfilter.org
Subject: Re: Port 21, 23, and 80 are open according to Shields Up at

Hi J,

Thanks for the guidance.
There's definitely no DNATing/PREROUTING currently set up in the
iptables firewall.  So, I guess the only thing that could explain port
21 and/or 23 is there must be an ftp daemon using those ports.

As for port 80, I wonder if it's got anything to do with Apache
running the intranet webserver inside the LAN.  I don't believe I've
got apache even installed on the routerbox.

Well, enough guessing.  I'll try some netstat research and see what
percolates to the surface.

Best regards.


On Mon, 13 Sep 2004 08:53:07 -0400, Jason Opperisano <opie at 817west.com> wrote:
> you need to keep in mind that if your netfilter box is performing
> MASQ/SNAT for your LAN machines--the IP being scanned by grc.com is the
> public IP of the netfilter box.
> unless your doing some DNATs to machines on your LAN--you should focus
> your efforts on the netfilter machine itself.
> "netstat -lntu" would be a good place to start.
> i've always questioned the output of web-based scanners like grc.com;
> however, i just went to grc.com and tried it out, and achieved a
> *perfect* "TruStealth" rating...which must mean i'm super l33t like
> stevie...  :-P
> -j
> --
> Jason Opperisano <opie at 817west.com>

More information about the netfilter mailing list