Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Why don't some ports identified by Nexpose security scan appear in netstat

Posted on 2014-07-29
9
Medium Priority
?
415 Views
Last Modified: 2014-08-04
I ran a Nexpose security scan against a VMware linux appliance. (vmware data protection)
ports 443 came back with 3 severe vulnerabilities, and port 22 with one.

I putty'd to the appliance, logged in as root, and ran

netstat -ap

Long list of open ports came back, but not ports 443 and 22
Ran Nexpose again and it still listed ports 443 and 22 vulnerabilities

The 443 vulnerabilities related to TLS/SSL ciphers and certificates, and openssl
port 22 was related to SSH.  Openssl and certificates are installed on the appliance so it appears to be correct.

Why don't these ports 22 and 443 appear in netstat?
0
Comment
Question by:dakota5
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 2
9 Comments
 
LVL 5

Expert Comment

by:Pasha Kravtsov
ID: 40227518
One of the reasons could be your machine has a rootkit on it and they have hooked certain functions so that the malicious users weren't noticed. Try telnet'ing to port 22 or port 443 and see what happens.
and just double check
netstat -ap | grep 443
netstat -ap | grep 22

Open in new window

do you have a sshd service running? or a webserver such as apache?
0
 

Assisted Solution

by:dakota5
dakota5 earned 0 total points
ID: 40228281
I discovered that netstat (at least the version distributed in the VMWare appliance) lists the common ports (443, 22, 80, etc)  only by the service names.

port 443 is only listed as https
port 22 is only listed as ssh.

netstat -apt | grep https
netstat -apt | grep ssh

return the expected ports.
0
 

Author Comment

by:dakota5
ID: 40228286
I've requested that this question be closed as follows:

Accepted answer: 0 points for dakota5's comment #a40228281
Assisted answer: 100 points for Pasha Kravtsov's comment #a40227518

for the following reason:

the expert's solution was not actually correct.
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 

Author Comment

by:dakota5
ID: 40228285
Just wanted to soften my comment.  The expert did try, but his comment was not useful in this particular instance.
0
 

Author Comment

by:dakota5
ID: 40228287
just wanted to soften my comment.  the expert did try, but his comment was not useful in this particular instance.
0
 

Author Comment

by:dakota5
ID: 40229960
I've requested that this question be closed as follows:

Accepted answer: 0 points for dakota5's comment #a40228281
Assisted answer: 100 points for Pasha Kravtsov's comment #a40227518

for the following reason:

The experts comment might be useful for other situations, but was not actually the issue in this particular instance.
0
 
LVL 5

Accepted Solution

by:
Pasha Kravtsov earned 2000 total points
ID: 40229383
You can see what is running on those ports by doing this command:
lsof -i :22
lsof -i :443

Open in new window

0
 

Author Comment

by:dakota5
ID: 40229961
The expert's latest contribution is actually the best solution.
0
 

Author Closing Comment

by:dakota5
ID: 40238553
my own contribution was first, and is an easy solution as well.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
Teach the user how to configure vSphere Replication and how to protect and recover VMs Open vSphere Web Client: Verify vsphere Replication is enabled: Enable vSphere Replication for a virtual machine: Verify replicated VM is created: Recover replica…
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question