Security
Showing results for 
Search instead for 
Do you mean 

security scan showing 38 open ports: HP-UX 11.11 : Please advise what not needed?

Frequent Advisor

security scan showing 38 open ports: HP-UX 11.11 : Please advise what not needed?

Experts,

 

As per security scan before moving a system it is showing lot of open ports and questioned about closing the ports in firewall.

 

Please help determining if these are normal , or we can close any of these ports, that got scanned and showing opne in the security scan (nmap).

 

 

-----


 
Initiating SYN Stealth Scan at 07:43
 
Scanning hpux1101 (10.134.11.2) [65535 ports]
 
Discovered open port 21/tcp on 10.134.11.2
 
Discovered open port 135/tcp on 10.134.11.2
 
Discovered open port 111/tcp on 10.134.11.2
 
Discovered open port 22/tcp on 10.134.11.2
 
Discovered open port 25/tcp on 10.134.11.2
 
Discovered open port 6850/tcp on 10.134.11.2
 
Discovered open port 49434/tcp on 10.134.11.2
 
Discovered open port 49171/tcp on 10.134.11.2
 
Discovered open port 49201/tcp on 10.134.11.2
 
Discovered open port 49377/tcp on 10.134.11.2
 
Discovered open port 5053/tcp on 10.134.11.2
 
Discovered open port 4750/tcp on 10.134.11.2
 
Discovered open port 2121/tcp on 10.134.11.2
 
Discovered open port 20001/tcp on 10.134.11.2
 
Discovered open port 7937/tcp on 10.134.11.2
 
Discovered open port 7815/tcp on 10.134.11.2
 
Discovered open port 49960/tcp on 10.134.11.2
 
Discovered open port 1712/tcp on 10.134.11.2
 
Discovered open port 7938/tcp on 10.134.11.2
 
Discovered open port 8862/tcp on 10.134.11.2
 
Discovered open port 2148/tcp on 10.134.11.2
 
Discovered open port 1402/tcp on 10.134.11.2
 
Discovered open port 49347/tcp on 10.134.11.2
 
Discovered open port 31111/tcp on 10.134.11.2
 
Discovered open port 49152/tcp on 10.134.11.2
 
Discovered open port 3275/tcp on 10.134.11.2
 
Discovered open port 7954/tcp on 10.134.11.2
 
Discovered open port 2301/tcp on 10.134.11.2
 
Discovered open port 6849/tcp on 10.134.11.2
 
Discovered open port 6112/tcp on 10.134.11.2
 
Discovered open port 5989/tcp on 10.134.11.2
 
Discovered open port 49348/tcp on 10.134.11.2
 
Discovered open port 49343/tcp on 10.134.11.2
 
Discovered open port 1508/tcp on 10.134.11.2
 
Discovered open port 382/tcp on 10.134.11.2
 
Discovered open port 383/tcp on 10.134.11.2
 
Discovered open port 49961/tcp on 10.134.11.2
 
Discovered open port 5060/tcp on 10.134.11.2
 
Completed SYN Stealth Scan at 07:43, 25.62s elapsed (65535 total ports)
 
------------------------------------------------------------------------

 

 

 

 

In netstat output this is what we can see the listening ports:

 

#------------------------------------------------------------------
hpux1101:>netstat -an | grep LISTEN |grep -v 127.0.0.1
tcp        0      0  *.4750                 *.*                     LISTEN
tcp        0      0  *.2148                 *.*                     LISTEN
tcp        0      0  *.5989                 *.*                     LISTEN
tcp        0      0  *.5060                 *.*                     LISTEN
tcp        0      0  *.382                  *.*                     LISTEN
tcp        0      0  *.1712                 *.*                     LISTEN
tcp        0      0  *.111                  *.*                     LISTEN
tcp        0      0  *.383                  *.*                     LISTEN
tcp        0      0  *.49347                *.*                     LISTEN
tcp        0      0  *.7938                 *.*                     LISTEN
tcp        0      0  *.135                  *.*                     LISTEN
tcp        0      0  *.20001                *.*                     LISTEN
tcp        0      0  *.3275                 *.*                     LISTEN
tcp        0      0  *.49171                *.*                     LISTEN
tcp        0      0  *.25                   *.*                     LISTEN
tcp        0      0  *.7937                 *.*                     LISTEN
tcp        0      0  *.1508                 *.*                     LISTEN
tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  *.7815                 *.*                     LISTEN
tcp        0      0  *.6112                 *.*                     LISTEN
tcp        0      0  *.1402                 *.*                     LISTEN
tcp        0      0  *.5053                 *.*                     LISTEN
tcp        0      0  *.49343                *.*                     LISTEN
tcp        0      0  *.2121                 *.*                     LISTEN
tcp        0      0  *.49348                *.*                     LISTEN
tcp        0      0  *.7954                 *.*                     LISTEN
tcp        0      0  *.49152                *.*                     LISTEN
tcp        0      0  *.21                   *.*                     LISTEN
tcp        0      0  *.49960                *.*                     LISTEN
tcp        0      0  *.8862                 *.*                     LISTEN
tcp        0      0  *.49377                *.*                     LISTEN
tcp        0      0  *.49961                *.*                     LISTEN
tcp        0      0  *.2301                 *.*                     LISTEN
tcp        0      0  *.31111                *.*                     LISTEN
tcp        0      0  *.49434                *.*                     LISTEN
hpux1101:>

#------------------------------------------------------------------

 

Please advise if these are normal as per the normal hp-ux services or if anything we can close  as per solaris & linux scan they dont find these much open ports and showing concern.

 

Thanks,

1 REPLY
Honored Contributor Honored Contributor

Re: security scan showing 38 open ports: HP-UX 11.11 : Please advise what not needed?

Hi

you may get a star otf answer with lsof, 

the one which will be not seen in lsof output wll be kernel opened endpoint ( by  kernel rpc, OTS, ....)

lsof will show the process attached one.