Re: security scan showing 38 open ports: HP-UX 11.11 : Please advise what not needed? (421 Views)
Frequent Advisor
rveri-admin
Posts: 50
Registered: ‎06-25-2012
Message 1 of 2 (430 Views)

security scan showing 38 open ports: HP-UX 11.11 : Please advise what not needed?

Experts,

 

As per the security scan run before moving a system, it is showing a lot of open ports, and we were questioned about closing the ports in the firewall.

Please help determine if these are normal, or whether we can close any of these ports that were scanned and are showing open in the security scan (nmap).

 

 

-----
Initiating SYN Stealth Scan at 07:43
Scanning hpux1101 (10.134.11.2) [65535 ports]
Discovered open port 21/tcp on 10.134.11.2
Discovered open port 135/tcp on 10.134.11.2
Discovered open port 111/tcp on 10.134.11.2
Discovered open port 22/tcp on 10.134.11.2
Discovered open port 25/tcp on 10.134.11.2
Discovered open port 6850/tcp on 10.134.11.2
Discovered open port 49434/tcp on 10.134.11.2
Discovered open port 49171/tcp on 10.134.11.2
Discovered open port 49201/tcp on 10.134.11.2
Discovered open port 49377/tcp on 10.134.11.2
Discovered open port 5053/tcp on 10.134.11.2
Discovered open port 4750/tcp on 10.134.11.2
Discovered open port 2121/tcp on 10.134.11.2
Discovered open port 20001/tcp on 10.134.11.2
Discovered open port 7937/tcp on 10.134.11.2
Discovered open port 7815/tcp on 10.134.11.2
Discovered open port 49960/tcp on 10.134.11.2
Discovered open port 1712/tcp on 10.134.11.2
Discovered open port 7938/tcp on 10.134.11.2
Discovered open port 8862/tcp on 10.134.11.2
Discovered open port 2148/tcp on 10.134.11.2
Discovered open port 1402/tcp on 10.134.11.2
Discovered open port 49347/tcp on 10.134.11.2
Discovered open port 31111/tcp on 10.134.11.2
Discovered open port 49152/tcp on 10.134.11.2
Discovered open port 3275/tcp on 10.134.11.2
Discovered open port 7954/tcp on 10.134.11.2
Discovered open port 2301/tcp on 10.134.11.2
Discovered open port 6849/tcp on 10.134.11.2
Discovered open port 6112/tcp on 10.134.11.2
Discovered open port 5989/tcp on 10.134.11.2
Discovered open port 49348/tcp on 10.134.11.2
Discovered open port 49343/tcp on 10.134.11.2
Discovered open port 1508/tcp on 10.134.11.2
Discovered open port 382/tcp on 10.134.11.2
Discovered open port 383/tcp on 10.134.11.2
Discovered open port 49961/tcp on 10.134.11.2
Discovered open port 5060/tcp on 10.134.11.2
Completed SYN Stealth Scan at 07:43, 25.62s elapsed (65535 total ports)
------------------------------------------------------------------------

 

 

 

 

In the netstat output, these are the listening ports we can see:

 

#------------------------------------------------------------------
hpux1101:>netstat -an | grep LISTEN |grep -v 127.0.0.1
tcp        0      0  *.4750                 *.*                     LISTEN
tcp        0      0  *.2148                 *.*                     LISTEN
tcp        0      0  *.5989                 *.*                     LISTEN
tcp        0      0  *.5060                 *.*                     LISTEN
tcp        0      0  *.382                  *.*                     LISTEN
tcp        0      0  *.1712                 *.*                     LISTEN
tcp        0      0  *.111                  *.*                     LISTEN
tcp        0      0  *.383                  *.*                     LISTEN
tcp        0      0  *.49347                *.*                     LISTEN
tcp        0      0  *.7938                 *.*                     LISTEN
tcp        0      0  *.135                  *.*                     LISTEN
tcp        0      0  *.20001                *.*                     LISTEN
tcp        0      0  *.3275                 *.*                     LISTEN
tcp        0      0  *.49171                *.*                     LISTEN
tcp        0      0  *.25                   *.*                     LISTEN
tcp        0      0  *.7937                 *.*                     LISTEN
tcp        0      0  *.1508                 *.*                     LISTEN
tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  *.7815                 *.*                     LISTEN
tcp        0      0  *.6112                 *.*                     LISTEN
tcp        0      0  *.1402                 *.*                     LISTEN
tcp        0      0  *.5053                 *.*                     LISTEN
tcp        0      0  *.49343                *.*                     LISTEN
tcp        0      0  *.2121                 *.*                     LISTEN
tcp        0      0  *.49348                *.*                     LISTEN
tcp        0      0  *.7954                 *.*                     LISTEN
tcp        0      0  *.49152                *.*                     LISTEN
tcp        0      0  *.21                   *.*                     LISTEN
tcp        0      0  *.49960                *.*                     LISTEN
tcp        0      0  *.8862                 *.*                     LISTEN
tcp        0      0  *.49377                *.*                     LISTEN
tcp        0      0  *.49961                *.*                     LISTEN
tcp        0      0  *.2301                 *.*                     LISTEN
tcp        0      0  *.31111                *.*                     LISTEN
tcp        0      0  *.49434                *.*                     LISTEN
hpux1101:>

#------------------------------------------------------------------

 

Please advise if these are normal as per the normal HP-UX services, or if there is anything we can close, as the Solaris & Linux scans don't find this many open ports and they are showing concern.

 

Thanks,

Honored Contributor
Laurent Menase
Posts: 1,079
Registered: ‎11-06-2003
Message 2 of 2 (421 Views)

Re: security scan showing 38 open ports: HP-UX 11.11 : Please advise what not needed?

Hi

You may get a start of an answer with lsof.

The ones which are not seen in the lsof output will be kernel-opened endpoints (by kernel RPC, OTS, ...).

lsof will show the process-attached ones.
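The comparison suggested in the reply above, as an added example that is not part of the original thread: it takes `netstat -an` text and lsof text and prints the listening TCP ports that lsof attributes to no process. The netstat lines use the format shown in the post; the lsof lines (process names, PIDs, device values) and the function names are constructed for illustration and do not describe the poster's host.

```shell
#!/bin/sh
# Added example: list listening TCP ports from `netstat -an` that have no
# owning process in lsof output. All sample data below is constructed.

# Listening lines in the HP-UX netstat format shown in the post.
NETSTAT_SAMPLE='tcp        0      0  *.49171                *.*                     LISTEN
tcp        0      0  *.25                   *.*                     LISTEN
tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  *.49152                *.*                     LISTEN
tcp        0      0  *.21                   *.*                     LISTEN'

# Constructed lsof lines (process names, PIDs and devices are invented).
LSOF_SAMPLE='COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
inetd     612 root    5u  IPv4 0x41a2c040      0t0  TCP *:21 (LISTEN)
sshd      701 root    3u  IPv4 0x41a2c480      0t0  TCP *:22 (LISTEN)
sendmail  745 root    4u  IPv4 0x41a2c8c0      0t0  TCP *:25 (LISTEN)'

# Port numbers of TCP listeners: the local address is field 4 ("*.22").
netstat_listen_ports() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" { p = $4; sub(/.*\./, "", p); print p }' |
    sort -n -u
}

# Port numbers lsof attributes to a process: NAME looks like "*:22 (LISTEN)".
lsof_listen_ports() {
  awk '$NF == "(LISTEN)" { p = $(NF-1); sub(/.*:/, "", p); print p }' |
    sort -n -u
}

# $1 = netstat text, $2 = lsof text; prints ports with no process in lsof.
unowned_ports() {
  owned=$(printf '%s\n' "$2" | lsof_listen_ports)
  printf '%s\n' "$1" | netstat_listen_ports | while read -r port; do
    printf '%s\n' "$owned" | grep -qxF "$port" || printf '%s\n' "$port"
  done
}

# Demo on the constructed data; on a live host, pass the real output instead:
#   unowned_ports "$(netstat -an)" "$(lsof -iTCP -P -n)"
unowned_ports "$NETSTAT_SAMPLE" "$LSOF_SAMPLE"
```

Run lsof as root on the live host; without root it may list only the caller's own processes, and every other listener would then be reported as unowned.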

 
