Networking – Close port which has no process attached

Based on this answer, I tried to close an open port, the problem is that nmap says that there are 5 open ports, but lsof says there is no current process using those ports, so my question is how can I close those.

This is the output from nmap

Nmap scan report for 192.168.0.15
Host is up (0.022s latency).
Not shown: 995 closed ports
PORT      STATE SERVICE
80/tcp    open  http
5000/tcp  open  upnp
49153/tcp open  unknown
49154/tcp open  unknown
50000/tcp open  ibm-db2

and when I try every lsof -i:port they print nothing.

I also tried netstat -apn | grep ':port' to see the process attached to the port, but there was no output.

EDIT:

Yes, my computer is 192.168.0.15.

EDIT2:

I'm running ubuntu 16.04. I didn't install XAMP or any local servers (maybe ubuntu comes with one of it?), but the port 80 may be used because of chromium. But I don't have any idea where those other 4 ports come from and I would really like to close them.

I did disable upnp by going to 192.168.0.1->Administration->upnp->disable->save changes (on a cisco router). But if I restart the router upnp keeps enabling it. And if for disabling upnp one has not the need to restart the router, then nmap shows open ports which are not really opened. The output of nmap is the same after changing upnp.

Best Answer

If netstat & lsof (as root) report no processes attached to those ports, there is very little you can do beyond that.

If nmap is reporting them as open and (rightly) assuming nmap is reliable in this, it leaves a mystery on our hands. From your posts it also appears that you may not have made a mistake in your observations (no offense, just ruling out human error).

Applying the Sherlock Holmes adage "if we eliminate the impossible, whatever remains, however improbable, must be the truth", I would theorize that:

nmap is indeed finding a host that responds to 192.168.0.15 (could be a coincidence, but a.b.c.15 is the default IP address used by VirtualBox for NATTed guests).
that host is not your Ubuntu system/VM

If this line of thinking is right, you might want to look for another system with that IP address that is reachable from the host where you're running nmap. You will find it in the arp table right after you run nmap or ping. Use it to confirm the possibilities.

Aside (from one of your comments): Using Chromium should not open port 80 in listen mode (in any mode at all) on any system. If it is, for any reason, it would be reported on lsof -i or netstat -nltp.

Best Answer

Related Solutions

Port 5357 TCP on Windows 7 professional 64 bit

Macos – How to close suspicious port 999 garcon, is it malware

Related Question