Hello to everyone on the list. It is my first message in a while. I have recently changed my internet provider as I have moved. My previous provider was a DSL provider and the current one is the local cable operator. Now, with the current provider, port 80 is shown as open in every port scan test, all other ports being shown as stealth. But with the previous provider, every port scanned was shown as stealth. I am not running any web service. The change in software is the one that is used to authenticate. Previously it was rp-pppoe; now it is the GNU/Linux client of the Cyberoam software.

Output from lsof:
sudo /bin/lsof -i
COMMAND    PID   USER    FD   TYPE DEVICE SIZE NODE NAME
pdnsd      1207  nobody  4u   IPv4 2434        TCP  localhost:domain (LISTEN)
pdnsd      1207  nobody  5u   IPv4 2435        UDP  localhost:domain
pdnsd      1207  nobody  8u   IPv4 81232       UDP  172.16.37.164:40131->AS-20144-has-not-REGISTERED-the-use-of-this-prefix:domain
linc       1214  root    5u   IPv4 2448        UDP  *:55089
ntpd       1216  root    16u  IPv4 2451        UDP  *:ntp
ntpd       1216  root    17u  IPv4 2455        UDP  localhost:ntp
ntpd       1216  root    18u  IPv4 2456        UDP  172.16.37.164:ntp
X          1377  root    1u   IPv4 2964        TCP  *:x11 (LISTEN)
gweather-  1538  partha  18u  IPv4 78973       TCP  172.16.37.164:53421->a125-56.222-11.deploy.akamaitechnologies.com:http (CLOSE_WAIT)
Iptables configuration:
sudo /sbin/iptables-save
# Generated by iptables-save v1.4.7 on Wed Mar 30 13:59:44 2011
*filter
:INPUT DROP [2844:282816]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9999:990098]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
COMMIT
# Completed on Wed Mar 30 13:59:44 2011
With my new provider, I have to provide a static IP 172.16.37.x to eth0 and then start the linc daemon to authenticate; after that I am allocated a public IP. Now my question is: why is port 80 open, and does it indicate any security vulnerability?