I was scanning one of my friends servers using nmap and got these port details.
PORT STATE SERVICE 22/tcp open ssh 42/tcp filtered nameserver 80/tcp open http 111/tcp open rpcbind 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 161/tcp filtered snmp 179/tcp filtered bgp 443/tcp open https 1028/tcp filtered unknown 1080/tcp filtered socks 3128/tcp filtered squid-http 6666/tcp filtered irc 6667/tcp filtered irc 6668/tcp filtered irc 7402/tcp open unknown 10082/tcp open amandaidx
And when I logged into the machine using SSh and scanned it again using nmap, I got the following result
PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind 443/tcp open https 631/tcp open ipp 7402/tcp open rtps-dd-mt 10082/tcp open amandaidx
Why question is why is it showing IRC ports and Squid Ports on the first scan? We don’t have anything installed in it. Its a dedicated box and not running on VM. Is there any possibility that it might have been compromised? It doesn’t have any IPtables on it too.
These ports are most likely being filtered by your friend’s Internet Service Provider.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.