Why don't some ports identified by Nexpose security scan appear in netstat
Posted on 2014-07-29
I ran a Nexpose security scan against a VMware linux appliance. (vmware data protection)
ports 443 came back with 3 severe vulnerabilities, and port 22 with one.
I putty'd to the appliance, logged in as root, and ran
Long list of open ports came back, but not ports 443 and 22
Ran Nexpose again and it still listed ports 443 and 22 vulnerabilities
The 443 vulnerabilities related to TLS/SSL ciphers and certificates, and openssl
port 22 was related to SSH. Openssl and certificates are installed on the appliance so it appears to be correct.
Why don't these ports 22 and 443 appear in netstat?