How to see if my Nmap tcpwrapped port is open after a GFI LANguard scan

Tags: FTP, Network monitoring, Network security, Network security appliances, Networking, Nmap, Ports, Security scanner, tcpwrappers
I ran Nmap 4.0 and GFI LANguard Network Security Scanner (N.S.S.) on a Windows 2003 server and noticed that FTP port 21 is open but tcpwrapped. How do I check further if port 21 is indeed open? I've checked IIS 6.0 and the Windows Add/Remove Programs section, and there's no FTP installed. Is there something behind it?
ASKED: February 11, 2009  6:17 PM
UPDATED: February 25, 2009  3:48 PM

Answer Wiki


Telnet to the IP address/port. The system should return a banner if the port is truly open. You can also run netstat -an at a command prompt to see if the host is listening on port 21. You can also use the Process Explorer tool from Sysinternals (Microsoft) to see what IP addresses are connected to processes/ports.

Just to add – If the port is TCPwrapped, kindly make sure that the allow and deny rules reflect the intended configuration and not something that leaves a backdoor for an attacker to get in. Since the port is TCPwrapped it would generally be assumed to be secure and can easily fool anyone. So beware and double-check the config.
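
The telnet/banner check described above, as an added example that is not part of the original answer: it connects once, reads whatever the service sends first, and separates a refused port from a banner and from a handshake that completes and is then closed with no data (the behaviour Nmap labels tcpwrapped). The function names, state labels and the loopback listeners are assumptions constructed for the demonstration.

```python
import socket
import threading

def probe_banner(host, port, timeout=3.0):
    """Return (state, banner) for one TCP connect-and-read attempt."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", b"")            # RST: nothing is listening
    except OSError:
        return ("filtered", b"")          # timeout or unreachable
    with sock:
        try:
            data = sock.recv(256)
        except socket.timeout:
            return ("open-silent", b"")   # accepted, waits for the client to speak
        except ConnectionResetError:
            return ("open-dropped", b"")  # handshake done, then reset
    if not data:
        return ("open-dropped", b"")      # handshake done, closed with no data
    return ("open-banner", data.strip())

def loopback_listener(reply):
    """Constructed test listener on 127.0.0.1: sends `reply` (if any), then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        if reply:
            conn.sendall(reply)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    """Probe a constructed banner service and a constructed drop-on-connect service."""
    ftp_port = loopback_listener(b"220 constructed FTP banner\r\n")
    wrapped_port = loopback_listener(b"")
    return probe_banner("127.0.0.1", ftp_port), probe_banner("127.0.0.1", wrapped_port)

if __name__ == "__main__":
    for state, banner in demo():
        print(state, banner)
```

An "open-dropped" result on port 21 means something accepted the connection, so the next step is the netstat or Process Explorer check on the server to find which process owns the listener.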

Discuss This Question: 2  Replies

  • petkoa
    On the local side run netstat. Under Win switches will be something like this:
    netstat -a -p tcp -b
    -a: all, including listening
    -p tcp: protocol
    -b: name of the program which opened the port (a good thing™ - so you can kill it!)
    And follow the advice of Labnuke99 on tcpwrapping - nowadays it generally just creates "a false sense of security"
    BR, Petko
  • Kevin Beaver
    How about just connecting to it via FTP and see what it responds with?