Ubuntu – Ubuntu Open Ports

server

I have recently installed two Ubuntu Server machines and I would like to find the open ports in the machine.

When I run nmap from my machine (Ubuntu 11.10) I observed that both servers have 

135/tcp  filtered msrpc
4444/tcp filtered krb524
4662/tcp filtered edonkey
5000/tcp filtered upnp
5631/tcp filtered pcanywheredata

I have never opened those ports. I only installed LAMP and SAMBA. Why are these ports open?

The complete list of the open ports are:

22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
135/tcp  filtered msrpc
139/tcp  open     netbios-ssn
143/tcp  open     imap
445/tcp  open     microsoft-ds
993/tcp  open     imaps
995/tcp  open     pop3s
4444/tcp filtered krb524
4662/tcp filtered edonkey
5000/tcp filtered upnp
5631/tcp filtered pcanywheredata

The question is why are these ports open: 135/tcp filtered msrpc, 4444/tcp filtered krb524, 4662/tcp filtered edonkey. 5000/tcp filtered upnp, 5631/tcp filtered pcanywheredata. I have never opened those ports. I only installed LAMP and SAMBA.

Does that list seem secure?

Best Answer

You can get list of ports from file called /etc/services

cat /etc/services | grep 137 (example)

Example

What ports need to be open for Samba to communicate

netbios-ns - 137 # NETBIOS Name Service

netbios-dgm - 138 # NETBIOS Datagram Service

netbios-ssn - 139 # NETBIOS session service

microsoft-ds - 445 # if you are using Active Directory

run this command netstat -anltp | grep "LISTEN"

The typical web server which runs FTP, SSH, and MySQL will have output like:

tcp     0   0 127.0.0.1:3306    0.0.0.0:*   LISTEN   21432/mysqld
tcp     0   0 0.0.0.0:80        0.0.0.0:*   LISTEN   4090/apache2
tcp     0   0 0.0.0.0:22        0.0.0.0:*   LISTEN   7213/sshd
tcp6    0   0 :::21             :::*        LISTEN   19023/proftpd
tcp6    0   0 :::22             :::*        LISTEN   7234/sshd
Related Question