[lug] Firewall / Lockdown questions
dio2002 at indra.com
dio2002 at indra.com
Tue Jul 31 23:56:22 MDT 2007
> dio2002 at indra.com wrote:
>>> You can find out exactly what is running on those ports by doing:
>>>
>>> sudo /sbin/fuser 623/tcp
>>> sudo /sbin/fuser 664/tcp
>>>
>>> This will return the PIDs using this port> then you can do ps auxww |
>>> grep <PID>.
>>
>> I run the cmds as root on the targethost and get absolutely no output?
>>
>> # fuser 664/tcp
>> # fuser 623/tcp
>>
>> Yet from a remote host i still get:
>>
>> # nmap targethost
>>
>> PORT STATE SERVICE
>> 623/tcp filtered unknown
>> 664/tcp filtered unknown
>>
>> How do i decipher that?
>
> Most likely a network provider between where you ran nmap and your
> webserver box is filtering those ports and nmap is reporting it.
right now i'm testing on a private nw. the only hop between one box and
the server box is via a linksys router. if what you're saying is true,
the linksys would have to be spitting that out.
More information about the LUG
mailing list