[arch-general] Port 80 is shown open in port scan without any web server running

[Thomas Bächler]

Am 30.03.2011 10:36, schrieb Partha Chowdhury:
> I have recently changed my internet provider as i have moved. My
> previous provider was a DSL provider and the current one is the local
> cable operator.Now with current provider port 80 is shown open in every
> port scan test , all other ports being shown as stealth. But with the
> previous provider , every port scanned was shown as stealth. I am not
> running any web service . And the change in software being the one that
> is used to authenticate. Previously it was rp-pppoe now it is the
> GNU/Linux client of cyberoam software.

I guess your provider is a douche. You could investigate more thoroughly
if you try to connect to port 80 remotely, and use tcpdump to see if the
packet ever reaches your Arch machine.

>> sudo /sbin/iptables-save
>> # Generated by iptables-save v1.4.7 on Wed Mar 30 13:59:44 2011
>> *filter
>> :INPUT DROP [2844:282816]
>> :FORWARD DROP [0:0]
>> :OUTPUT ACCEPT [9999:990098]
>> -A INPUT -i lo -j ACCEPT
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
>> -A INPUT -p udp -m udp --dport 54215 -j ACCEPT
>> COMMIT
>> # Completed on Wed Mar 30 13:59:44 2011

The following is OT, but I have to say it:

This is an affront to every admin of smaller or bigger networks. It
hurts my eyes. What do you try to achieve by dropping unwanted traffic?
You even drop ICMP entirely - dropping ICMP is the cause of a large
number of problems.

There is no security advantage, but you deliberately prevent proper
communication between yourself and other computers on the internet.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20110330/8701c80b/attachment.asc>