-1

I am running these commands to get a list of all open ports on my Ubuntu 16 server. I was wondering why ports 1-25 appear to be open? Is this a security risk or is this normal for an Ubuntu server?

I have specifically changed the port for ssh to 33333. Using 80/443 for public access to a site. Other than that, I haven't made any other changes myself.

UFW is on and shows as expected:

Nginx Full                 ALLOW       Anywhere                  
33333/tcp                  ALLOW       Anywhere                  
Nginx Full (v6)            ALLOW       Anywhere (v6)             
33333/tcp (v6)             ALLOW       Anywhere (v6)   


username@myserver:~$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1527/mysqld     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4707/nginx -g daemo
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2018/master     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4707/nginx -g daemo
tcp        0      0 0.0.0.0:33333           0.0.0.0:*               LISTEN      1477/sshd       
tcp6       0      0 :::80                   :::*                    LISTEN      4707/nginx -g daemo
tcp6       0      0 ::1:25                  :::*                    LISTEN      2018/master     
tcp6       0      0 :::443                  :::*                    LISTEN      4707/nginx -g daemo
tcp6       0      0 :::33333                :::*                    LISTEN      1477/sshd       
udp        0      0 10.19.0.5:123           0.0.0.0:*                           1649/ntpd       
udp        0      0 xxx.xxx.xxx.xxx:123     0.0.0.0:*                           1649/ntpd       
udp        0      0 127.0.0.1:123           0.0.0.0:*                           1649/ntpd       
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1649/ntpd       
udp6       0      0 zzzz::zzzz:zzzz:zzz:123 :::*                                1649/ntpd       
udp6       0      0 yyyy::yyyy:yyyy:yyy:123 :::*                                1649/ntpd       
udp6       0      0 ::1:123                 :::*                                1649/ntpd       
udp6       0      0 :::123                  :::*                                1649/ntpd  


sudo lsof -nP -i | grep LISTEN
sshd    1477      root    3u  IPv4  14216      0t0  TCP *:33333 (LISTEN)
sshd    1477      root    4u  IPv6  14218      0t0  TCP *:33333 (LISTEN)
mysqld  1527     mysql   22u  IPv4  18444      0t0  TCP 127.0.0.1:3306 (LISTEN)
master  2018      root   12u  IPv4  18107      0t0  TCP 127.0.0.1:25 (LISTEN)
master  2018      root   13u  IPv6  18108      0t0  TCP [::1]:25 (LISTEN)
nginx   4707      root    6u  IPv4  43893      0t0  TCP *:80 (LISTEN)
nginx   4707      root    7u  IPv6  43894      0t0  TCP *:80 (LISTEN)
nginx   4707      root    8u  IPv4  43895      0t0  TCP *:443 (LISTEN)
nginx   4707      root    9u  IPv6  43896      0t0  TCP *:443 (LISTEN)
nginx   4708  www-data    6u  IPv4  43893      0t0  TCP *:80 (LISTEN)
nginx   4708  www-data    7u  IPv6  43894      0t0  TCP *:80 (LISTEN)
nginx   4708  www-data    8u  IPv4  43895      0t0  TCP *:443 (LISTEN)
nginx   4708  www-data    9u  IPv6  43896      0t0  TCP *:443 (LISTEN)
nginx   4709  www-data    6u  IPv4  43893      0t0  TCP *:80 (LISTEN)
nginx   4709  www-data    7u  IPv6  43894      0t0  TCP *:80 (LISTEN)
nginx   4709  www-data    8u  IPv4  43895      0t0  TCP *:443 (LISTEN)
nginx   4709  www-data    9u  IPv6  43896      0t0  TCP *:443 (LISTEN)
JoaMika
  • 135
  • Which entries are you concerned about, specifically? Remember that a local address of 127.0.0.1 (or ::1 in the case of IPv6) indicates that the service is only listening on the loopback interface, rather than the external interface. – steeldriver Aug 02 '17 at 17:55

1 Answer

1

In Ubuntu, port 25 is used for SMTP, for sending mail, which is different from receiving mail using POP3 or IMAP, and it's auto-enabled on the server. So it cannot affect the port and service you changed.

In case you want to find out which exact program is responsible for an open port, type:

sudo fuser -v 25/tcp

Second, if you want to stop the program, you could use a command such as:

sudo stop exim4 or sudo stop exim
Kotler
  • 589
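
The loopback-versus-external distinction raised in the comment above can be checked mechanically. The following is an added example, not part of the original question or answer: it classifies each row of `netstat -tulpn` output by its bind address and compares the port with the firewall allow list. The function names, the scope labels and the sample rows (constructed from the output in the question) are assumptions of this example, as is the allow list `80 443 33333`, which corresponds to the UFW rules shown (the "Nginx Full" profile opens 80 and 443).

```shell
#!/usr/bin/env bash
# Added example: classify listeners by bind address and firewall allow list.
# Real usage: sudo netstat -tulpn | classify_listeners "80 443 33333"

# Constructed sample input, modelled on the netstat output in the question.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1527/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4707/nginx -g daemo
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2018/master
tcp        0      0 0.0.0.0:33333           0.0.0.0:*               LISTEN      1477/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2018/master
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1649/ntpd
EOF
}

# $1: space-separated ports the firewall allows (assumed default policy: deny incoming).
# Output per socket: proto, bind address, port, scope.
classify_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
      local_addr = $4
      # The port is whatever follows the last colon (IPv6 addresses contain colons).
      port = local_addr
      sub(/^.*:/, "", port)
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1")
        scope = "loopback-only"          # unreachable from other hosts
      else if (port in ok)
        scope = "exposed-allowed"        # bound externally and permitted by the firewall
      else
        scope = "external-not-allowed"   # bound externally, not in the allow list
      print $1, addr, port, scope
    }'
}

sample_netstat | classify_listeners "80 443 33333"
```

Rows reported as `external-not-allowed` are the ones worth reviewing: the service is bound to a non-loopback address and only the firewall policy stands between it and the network.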