Results 1 to 5 of 5

Thread: Nmap shows MySQL and Apache ports open...dangerous?

  1. #1
    Join Date
    Jun 2012
    Beans
    9

    Nmap shows MySQL and Apache ports open...dangerous?

    Hey all, I did a port scan of my computer today and it is showing that MySQL and Apache ports are Open. Is there a way to "close" these ports while keeping the server and database running? They are both running in the context of Snort IDS along with ACID/BASE.

    Thanks.


    In addition, it's showing CUPS and another domain process as open. Googling these advises that there is no real danger having these ports open. Would also entertain opinions on this.

  2. #2
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Nmap shows MySQL and Apache ports open...dangerous?

    Totally depends on where you ran the scan from and if sql, apache & cups are NAT'd. If you ran the scan across the internet then those ports are open to the world, you'll need some extra controls around them. If these services are running behind a router and the ports aren't forwarded then it's far less of a concern.

    Did you run the scan from inside the subnet? Which scanner did you use, shields up?

  3. #3
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,813
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Nmap shows MySQL and Apache ports open...dangerous?

    I believe all ports are open by default but with no listening services. If you do not have any listening services on these ports, then it doesn't really matter. I you do have listening services (such as servers -- in your example a web server and mysql server), you should take appropriate security methods to restrict access to these services either through modifications of the /etc configuration files for the program, or via use of iptables or by placing your computer behind a router and limiting the NAT translation to your computer.

  4. #4
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Nmap shows MySQL and Apache ports open...dangerous?

    Well, as the others have indicated, "it depends".

    1. What / how did you perform the scan ? Port 80 (Apache) could be your router.

    2. What services are you wanting to run ? Who do you want to have access.

    In general, Apache is designed for public access, so what would be the point of blocking it with iptables ?

    In general, mysql should only be listening on localhost, but it can be configured otherwise.

    Based on what little information the OP has given, anyone's guess really.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #5
    Join Date
    Mar 2013
    Beans
    14

    Re: Nmap shows MySQL and Apache ports open...dangerous?

    Sounds like you did a # nmap localhost scan lol. By default Mysql listens on 127.0.0.1, so unless you didn't explicitly changed this in the config, I can only imagine you may have portscanned your localhost.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •