Currently I have these ports open in my router (I've disabled ISPConfig firewall Management>Services>Firewall) FTP 21 SSH 25 DNS 53 www 80 ISPconfig 81 POP3 110 SSL(www) 443 Webmin 10000 When I do a port scan (Tools>Portscanner) I get this: Port 21 (tcp) is open (ftp)! Port 22 (tcp) is open (ssh)! Port 25 (tcp) is open (smtp)! Port 53 (tcp) is open (domain)! Port 80 (tcp) is open (www)! Port 81 (tcp) is open (unknown)! Port 110 (tcp) is open (pop3)! Port 143 (tcp) is open (imap2)! Port 443 (tcp) is open (https)! Port 953 (tcp) is open (unknown)! Port 993 (tcp) is open (imaps)! Port 995 (tcp) is open (pop3s)! Port 3306 (tcp) is open (mysql)! Port 48431 (tcp) is open (unknown)! Which ports should be open?
I'd open ports 21 (FTP), 22 (SSH), 25 (SMTP), 53 (DNS) (TCP and UDP), 80 (http), 81 (ISPConfig), 110 (POP3), 143 (IMAP), 443 (https), 993 (IMAPs), 995 (POP3s). If you want to allow remote connections to MySQL, then you also have to open port 3306. What's running on port 48431?
Whats running on that port???? Try looking at this you may have a problem or you may not, depends if you have activated something. http://www.seifried.org/security/ports/48000/48431.html
That port.. Each time I do a portscanner I get entries with port values ranging from 30000 to 60000 .. the values change each time I do a port scan... and the number of entries changes as well, 0-3 entries.. Is that bad? How do I find out what is causing this?
As the page says that mphayesuk linked to these ports are used for outbound connections. So if someone is using ftp or http, etc. at the time of the scan then you'll see those ports.
