ALOT of open ports?

jalexmhosting · 07-16-2007, 08:18 PM

Hi i recently installed this in my home(even though i own a webhosting company). And i port scanned my external IP and i have like 53 ports open. which is quite alot. i mean i have stuff like. jeez jus to start.

Terabase(wtf?)
MySql? point is?
network file system?
remotly anywhere?(wtf is that?).
4 unknown ports. Netbus(says its a trojan on windows). but this is linux.
kazaa(i don't use kazaa in my house... ever)
Server location? mtb backup?
real secure?
subseven(windfows trojan 2?).
lotus notes?
BMC_Patroldb?

imean this is just a few this is a full list.
TCP ports (54) 15,21,22,49,80,109,110,113,135,139,143,256,427,443 ,512,593,900,1024,10801214,1243,1313,1352,1433,152 1,1723,2000,2049,2766,2869,2998,3306,3389,4000,404 5,5556,5632,5678,5801,5900,6112,6667,7070,8000,838 3,9090,10000,12345,32769,32770,32778,32781,32784,3 2787

i mean whats the point of all these? are these on the server? or like are they on computers on the inside? how can i tell? and certinatly wtf can i do about it?

jalexmhosting · 07-16-2007, 08:21 PM

and seeing as i only have 5 computers there all static and they are on different racks.... how can i make it so my computer can ping and tracert out and stuff? because its blocking it...

dmorris · 07-16-2007, 09:52 PM

This is the attack blocker (untangle-vm shield) kicking in.
Once the scanning computer gets a bad reputation it starts requiring the scanner to ack the first syn before letting it connect to prevent syn floods.
The effect makes ports appear open that are not.

To see the real open port list - turn the scan speed down to very slow.

http://bugzilla.untangle.com/show_bug.cgi?id=3026

nitz · 08-02-2007, 02:25 PM

In Line with those open ports - I did a clean install rebooted and scanned the inside NIC- I still have not installed any applications from the store- this is a barebones fresh install.

the open ports I am seeing are
80
443
156
1080
20034
27374
6670
44444

Are these all expected to be open ? I am unclear as to why they would be open since the Untangle box is only a router right now.

vanpatrick · 08-02-2007, 03:29 PM

The part of untangle-vm shield that dmorris mentioned is actually running before you even install Attack Blocker or any other apps.

One way to be sure this is the case is to do as suggested above, port scanning very slowly....

If you still see strange results, let us know.

07-16-2007, 08:18 PM	#1 (permalink)
jalexmhosting Newbie Join Date: Jul 2007 Posts: 2	ALOT of open ports? Hi i recently installed this in my home(even though i own a webhosting company). And i port scanned my external IP and i have like 53 ports open. which is quite alot. i mean i have stuff like. jeez jus to start. Terabase(wtf?) MySql? point is? network file system? remotly anywhere?(wtf is that?). 4 unknown ports. Netbus(says its a trojan on windows). but this is linux. kazaa(i don't use kazaa in my house... ever) Server location? mtb backup? real secure? subseven(windfows trojan 2?). lotus notes? BMC_Patroldb? imean this is just a few this is a full list. TCP ports (54) 15,21,22,49,80,109,110,113,135,139,143,256,427,443 ,512,593,900,1024,10801214,1243,1313,1352,1433,152 1,1723,2000,2049,2766,2869,2998,3306,3389,4000,404 5,5556,5632,5678,5801,5900,6112,6667,7070,8000,838 3,9090,10000,12345,32769,32770,32778,32781,32784,3 2787 i mean whats the point of all these? are these on the server? or like are they on computers on the inside? how can i tell? and certinatly wtf can i do about it?

08-02-2007, 02:25 PM	#4 (permalink)
nitz Newbie Join Date: Jul 2007 Posts: 1	Open Ports on the inside . In Line with those open ports - I did a clean install rebooted and scanned the inside NIC- I still have not installed any applications from the store- this is a barebones fresh install. the open ports I am seeing are 80 443 156 1080 20034 27374 6670 44444 Are these all expected to be open ? I am unclear as to why they would be open since the Untangle box is only a router right now.

07-16-2007, 08:21 PM	#2 (permalink)
jalexmhosting Newbie Join Date: Jul 2007 Posts: 2	and seeing as i only have 5 computers there all static and they are on different racks.... how can i make it so my computer can ping and tracert out and stuff? because its blocking it...

07-16-2007, 09:52 PM	#3 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 6,394	This is the attack blocker (untangle-vm shield) kicking in. Once the scanning computer gets a bad reputation it starts requiring the scanner to ack the first syn before letting it connect to prevent syn floods. The effect makes ports appear open that are not. To see the real open port list - turn the scan speed down to very slow. http://bugzilla.untangle.com/show_bug.cgi?id=3026

08-02-2007, 03:29 PM	#5 (permalink)
vanpatrick Untangle Junkie Join Date: Nov 2006 URLs submitted: 2 Posts: 71	The part of untangle-vm shield that dmorris mentioned is actually running before you even install Attack Blocker or any other apps. One way to be sure this is the case is to do as suggested above, port scanning very slowly.... If you still see strange results, let us know.