 How to see if my Nmap tcpwrapped port is open after a GFI LANguard scan
I ran Nmap 4.0 and GFI LANguard Network Security Scanner (N.S.S.) on a Windows 2003 server and noticed that the FTP Port 21 is open but tcpwrapped. How do I check further if Port 21 is indeed open? I've checked IIS 6.0 and the Windows Add/Remove Programs section, and there's no FTP installed. Is there something behind it?

ASKED: February 11, 2009  6:17 PM
UPDATED: February 25, 2009  3:48 PM

Answer Wiki:
Telnet to the IP address/port. The system should return a banner if the port is truly open. You can also run netstat -an at a command prompt to see if the host is listening on port 21. You can also use the Process Explorer tool from Sysinternals (Microsoft) to see what IP addresses are connected to processes/ports.

Just to add: if the port is TCPwrapped, kindly make sure that the allow and deny rules reflect the intended configuration and not something that leaves a backdoor for an attacker to get in. Since the port is TCPwrapped, it would generally be assumed to be secure and can easily fool anyone. So beware and double-check the config.
Last Wiki Answer Submitted:  February 24, 2009  11:36 am  by  Labnuke99   32,645 pts.
All Answer Wiki Contributors:  Labnuke99   32,645 pts.


Discuss This Question:

On the local side, run netstat. Under Windows the switches will be something like this:

netstat -a -p tcp -b

-a: all, including listening
-p tcp: protocol
-b: name of the program which opened the port (a good thing™ – so you can kill it!)

And follow the advice of Labnuke99 on tcpwrapping – nowadays it generally just creates “a false sense of security”.

BR,

Petko

 3,120 pts.

 

How about just connecting to it via FTP and seeing what it responds with?

 10,800 pts.
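
The banner check suggested in the answers above (telnet or an FTP client to port 21), written as an added example that is not part of the original thread. It assumes Nmap's meaning of tcpwrapped (the TCP handshake completes, then the remote end closes without sending data); probe, demo_listener and the state labels are hypothetical names, and the local listeners are constructed stand-ins for the server.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Connect once and classify the port; returns (state, banner).

    closed      - connection refused: nothing is listening
    filtered    - no reply or unreachable (firewall drop, host down)
    tcpwrapped  - handshake completed, peer closed without sending data
    open        - peer sent a banner (an FTP server greets with "220 ...")
    open-silent - connected, but the peer waits for the client to speak
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", "")
    except OSError:  # includes timeouts and unreachable-network errors
        return ("filtered", "")
    with sock:
        try:
            data = sock.recv(1024)
        except socket.timeout:
            return ("open-silent", "")
        except ConnectionResetError:
            return ("tcpwrapped", "")
    if not data:
        return ("tcpwrapped", "")
    return ("open", data.decode("latin-1").strip())

def demo_listener(banner):
    """Constructed local stand-in for a server: accept once, send banner, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    samples = [("banner", b"220 constructed FTP banner\r\n"), ("no data", b"")]
    for label, banner in samples:
        print(label, probe("127.0.0.1", demo_listener(banner)))
```

A tcpwrapped or open-silent result means something accepted the connection, so pair it with netstat -a -p tcp -b on the server to identify the owning program.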