sinbad
Guest
Hi all,
I have been using the Plesk firewall module for a while and thought everything was cool with it.
Recently my PCI company sent me an email that all my ports are open on my VPS.
When I try to nmap the box locally from the shell I get 986 ports closed.
When I try to nmap the server IP from a remote computer I get 968 ports closed.
There are many ports open here that I never allowed in the firewall module.
I have a 'Block all other incoming traffic' rule so I expected to have far fewer open ports in the scan.
This is the output of my local nmap scan
Code:
21/tcp open ftp
25/tcp open smtp
80/tcp open http
106/tcp open pop3pw
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
783/tcp open spamassassin
993/tcp open imaps
995/tcp open pop3s
1500/tcp open vlsi-lm
3306/tcp open mysql
8443/tcp open https-alt
which matches the rule I have set in the firewall module.
However, when scanned from my home I get this
Code:
Not shown: 968 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
21/tcp open ftp
22/tcp open ssh
24/tcp open priv-mail
25/tcp open smtp
30/tcp open unknown
43/tcp open whois
80/tcp open http
110/tcp open pop3
113/tcp open auth
125/tcp open locus-map
143/tcp open imap
199/tcp open smux
256/tcp open fw1-secureremote
301/tcp open unknown
311/tcp open asip-webadmin
417/tcp open onmux
443/tcp open https
481/tcp open dvs
512/tcp open exec
541/tcp open uucp-rlogin
554/tcp open rtsp
667/tcp open unknown
720/tcp open unknown
722/tcp open unknown
873/tcp open rsync
993/tcp open imaps
995/tcp open pop3s
1025/tcp open NFS-or-IIS
1723/tcp open pptp
3389/tcp open ms-term-serv
8080/tcp open http-proxy
This is what I have under the Plesk firewall
Code:
ssh_custom Allow incoming from all on port 1500/tcp
Plesk administrative interface Allow incoming from all
WWW server Allow incoming from all
FTP server Allow incoming from all
SSH (secure shell) server Deny incoming from all
SMTP (submission port) server Allow incoming from all
SMTP (mail sending) server Allow incoming from all
POP3 (mail retrieval) server Allow incoming from all
IMAP (mail retrieval) server Allow incoming from all
Mail password change service Deny incoming from all
MySQL server Allow incoming from xx.xx.xx.xx, 127.0.0.1
Deny incoming from all others
PostgreSQL server Allow incoming from xx.xx.xx.xx, 127.0.0.1
Deny incoming from all others
Tomcat administrative interface Deny incoming from all
Samba (file sharing in Windows networks) Deny incoming from all
Plesk VPN Allow incoming from all
Domain name server Allow incoming from all
Ping service Deny incoming from all
System policy for incoming traffic Deny all other incoming traffic
mailOut Allow outgoing to all on ports 143/tcp, 465/tcp
System policy for outgoing traffic Deny all other outgoing traffic
System policy for forwarding of traffic Deny forwarding of all other traffic
Can anyone explain why I get 2 different results, and why I have 986 closed ports listed when they are all supposed to be closed except the few rules I allowed?
Will appreciate any response...