Ports 5190 & 1863 - Apparently Open But Blocked On The Firewall
Apr 10, 2009
I am currently in the throes of configuring a new dedicated "Windows Web Server 2008 / IIS7 / Plesk" server. As part of the setup I have obviously made sure the firewall is correctly set up. After doing this I have run a remote port scan (from my internet connected PC) to the IP address of the server. This has brought up two ports that should be blocked:
5190
1863
I can open a remote telnet session to both these ports, however if I remote desktop to the server and attempt a telnet connection both ports fail to respond.
Does anybody know what these ports are?
If it helps at all, the firewall surrounding the server is an external Cisco device
I have a VPS running CentOS 4.4 which I have just been securing. It is running apache on port 80, BIND on port 53 and ssh on an atypical port. However, when I do a portscan with nmap I find that port 5190/tcp is open. There is no daemon listening on the port (I think it is for AIM?) and in any case iptables should refuse any connection on this port. Should I worry about this or is the port pretty safe to leave open?
I have used a tool called Net Tools to scan ports on my various servers to determine which ports are open in the firewall through my host.
For around a decade, this tool has been accurate in determining what ports are open/closed.
I have used this tool to accurately find issues with the firewall with my current host (dedicated server). The network admin says that Net Tools should not be trusted and even though the software claims the ports are open, they are not open.
I explained that less than a month ago, the ports that should be closed were reflected accurately as closed by this software when scanning the ports.
Partial results:
Code:
Address Scanned: xx.xx.xx.xx
Scan Started at 10/27/2007 2:08:00 PM
Scan Finished at 10/27/2007 2:18:03 PM
Ports Scanned: 1 To 4000
Total Ports Found Open: 3794
Current Ports Found Open:
Port: 00004
Port: 00005
Port: 00009
Port: 00026
Port: 00044
Port: 00076
Port: 00083
Port: 00088
...
What are the ABSOLUTE best tools/ways that I can confirm that the ports are truly not accessible?
I have just installed APF and it seems to be running great.
I then installed NMAP and did a "nmap -sT -O localhost" but this lists lots of ports that I have shut down in APF and I am thinking it is testing the open ports before the firewall because the list of open ports is the same if the firewall is disabled or running.
Am I doing something wrong? Is there another way to test which ports I have open with APF running?
Our new data center provided us with a Cisco ASA5510 firewall. We're setting up all new servers and will begin migrating all of our domains from our current co-lo to the new place.
At the old co-lo, they provided us a very basic BSD based router, and our servers all had external public facing IPs on them. Firewalling was handled at the server (Windows Firewall or Linux IPtables).
The new place is NAT'ing us, so our servers all have a 192.168.10.x address inside, and they map the external address for us through to the inside.
By default, they are locking everything down. I had to ask them to open ssh so I could remote into my CentOS box last night.
I'm not a network guru-- what ports are going to NEED to be opened so I can give them a list? This is a standard PLESK hosting server so http (80), https, ssh, ftp, pop3, smtp, what else? Anyone have a list?
Can anyone recommend a hosting provider (No GoDaddy please) that provides me outbound access to port 3306 and 1221 and is reasonably priced?
I understand that many hosting providers who provide dedicated or virtual servers can give me this option but I only have one website that needs these specifications and that's not worth $60 a month.
My fedora server is running apf firewall. When I turn it off, clients can connect.
When I turn it on, it says MSG: Contacting Server.
I have already added ports 6100 and 3784 to /etc/apf/conf.apf by adding the ports to the lines, EG_TCP_CPORTS, EG_UDP_CPORTS, IG_TCP_CPORTS, and IG_UDP_CPORTS
For some reason, Plesk is blocking incoming port 25 (in Plesk it shows as open, but it's not). My emails are delivered through port 25; after doing some tests (I've sent some emails to an email account hosted on the server) there was no email in the roundcube inbox! All emails were blocked...
a) Firewall was blocking port 25 on server restart.
b) I have successfully unblocked it from plesk manager -> tools -> edit/change -> even if I didn't change anything, I saved the "changes" and in my roundcube inbox I received all the test emails.
c) In /var/log/maillog there is no error.
2. Passive FTP gets blocked in the same way; to successfully connect FireFTP in passive mode I need to repeat the 1.b steps even though I've created a special rule to prevent the blocking, opening ports 49152-65534 and setting PassivePorts 49152 65534 in /etc/proftpd.conf
The issue appears randomly, because in the last 5 days I didn't restart the server, and the last time I checked it worked. Today, without touching anything, the firewall blocked my passive FTP and I had problems receiving emails from gmail, yahoo etc...
I have the web pro edition panel 12 on centos 6.5 64bit, and I have made some custom firewall rules in order to be able to run a teamspeak server. The problem is that the firewall randomly blocks the teamspeak port and keeps it blocked unless I restart the firewall.
I would be interested in knowing what you would prefer for your dedicated server, i.e. behind a firewall or on a public network. Can anyone experienced provide pros and cons on this one?
I'm having a weird issue with PageNest, an offline browser which somebody is using to copy my website, and the worst part is that it is making my server run slow, I think because of too many accesses.
I have tried to block his IP using APF firewall
/etc/apf/apf -d xx.xxx.xx.xxx
After this he is still on top of the list (netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n)
341 requests from his IP
I checked the apache status page and he is still there too, and in cPanel's Latests 300 visitors it is the same: he is copying like 16 images / second
I then tried to block myself and it blocked me. I wasn't able to access those pages that he was able to, and I used the same command for both IPs (his and mine)
Any idea how come he's still able to spider my website?
PS. In the meantime, as I saw that he wasn't stopped by the APF, I added 3 lines of PHP code into my function.php file :...
I installed and configured apf firewall on my VPS and I have a problem. Port 80 is open, my website is up and working, but I can't download anything.
"Create a zend id for your machine." This is apparently for them to create a product key for their software and have to bind to it?!
I have never heard of this and have been unable to locate any information on it.
This is a Centos box with php 5.2.5 installed: Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux)? In our opinion we see it as an extra administration overhead. If this is however untrue, we will change our thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
I'm trying to install HyperVM (I know, it isn't great, but need something quick) but need to unblock ports 8888 and 8887. I have no idea on how to do this via SSH. I've looked on Google, but nothing.
If you have a suggestion for another VPS panel which you think is much better than HyperVM and is free, please let me know. I might as well install that then.
I have my server set up with the smtp daemon running on port 125, and assp listening on ports 25 and 26, and forwarding to port 125 if the mail passes. This setup has been working for months and months. Already today I've received several emails.
I just attempted to send an email, however, and thunderbird could not connect to port 26. (I use an alternate port because my ISP blocks port 25 except to their mail servers)
So I thought that assp had stopped running. Attempted to go to myip:55555, but the page would not load. Now I really thought assp was broken. SSH'd into server and was able to telnet to localhost, port 26 without an issue. Was also able to lynx [url] without an issue.
Since I'm able to log in to all of these weird ports via SSH but not from my local computer, I'm apt to think that they are blocking the ports (for some reason).
Is there any way I can test this theory? Nothing has changed on my side firewall-wise, and the poor girl at the ISP company didn't even know what a port was. I would like to be 100% sure before I give them another call demanding to speak to someone higher up...
I've installed Darwin Streaming Server on a brand new server (vps). But, what do you know, the RTSP and MP3 streaming TCP ports are not defined in the etc/services file of the server.
Is this normal? Should I have an issue with the service provider?
I'm behind the firewall on a public computer and all online port scan tests I've tried show that ALL ports on the computer I'm using are closed. Is this possible? I've previously successfully uploaded some files through cpanelproxy.net to get access to my site, for which an open port 80 was needed.
I'd like to know how I can use DNS to do something like make a CNAME record that points the same address to different addresses based on the port used.
mail.example.org on port 80 points to ghs.google.com
mail.example.org on port 995 points to pop.gmail.com
mail.example.org on port 587 points to smtp.gmail.com
Do SMTP servers by default use port 25 for receiving mail from another SMTP server? Are there any other receiving ports an SMTP server would be listening on by default?
My question is, a server I will be setting up is going to be behind a firewall that blocks outgoing connections *to* port 25. Is there going to be any way around this that is workable besides opening the port?