I'm getting some weird results on one of my VPSes while doing an Nmap scan:
NSE: Script scanning 178.209.51.63.
Initiating NSE at 10:05
Completed NSE at 10:05, 5.08s elapsed
Nmap scan report for vps12.sparklingclouds.nl (178.209.51.63)
Host is up (0.041s latency).
Not shown: 65521 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
37/tcp filtered time
80/tcp open http lighttpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_http-title: Did not follow redirect to https://raymii.org/cms/p_start
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http lighttpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_http-title: Did not follow redirect to https://raymii.org/cms/p_start
| ssl-cert: Subject: commonName=raymii.org
| Issuer: commonName=PositiveSSL CA 2/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2012-06-24T23:00:00+00:00
| Not valid after: 2014-06-25T22:59:59+00:00
| MD5: 62b0 2d8d ab9a 8822 45ab d042 ba27 2fe3
|_SHA-1: a01b 894d 1257 9d88 efce 97d2 7107 f380 b05f 5968
|_ssl-date: 2012-12-30T09:05:53+00:00; 0s from local time.
445/tcp filtered microsoft-ds
3100/tcp open unknown
4949/tcp open tcpwrapped
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.32 - 2.6.35
Uptime guess: 104.140 days (since Mon Sep 17 07:44:58 2012)
Network Distance: 11 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
I don't know what port 199 and port 3100 are (Linux SNMP Multiplexer), and when doing a netstat -tulpen on the host I don't see them:
---[vps12][~]
|----> sudo netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 3887238881 13554/lighttpd
tcp 0 0 0.0.0.0:4949 0.0.0.0:* LISTEN 0 42890154 32100/munin-node
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 1400703131 30937/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 3887238882 13554/lighttpd
I'm also not running anything weird, according to ps aux:
...
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.5 8356 664 ? Ss Sep19 46:04 init [2]
root 8159 0.0 2.1 8252 2772 ? Ss 09:15 0:00 sshd: remy [priv]
remy 8264 0.0 1.1 8396 1468 ? S 09:15 0:00 sshd: remy@pts/32
remy 8273 0.0 1.2 2996 1648 pts/32 Ss 09:15 0:00 -bash
www-data 13554 0.0 2.6 8896 3424 ? S Dec10 0:57 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
www-data 13557 0.0 2.6 17816 3456 ? Ss Dec10 0:00 /usr/bin/php-cgi
www-data 13579 0.0 2.6 18072 3480 ? S Dec10 0:02 /usr/bin/php-cgi
www-data 13580 0.0 2.6 18072 3480 ? S Dec10 0:02 /usr/bin/php-cgi
www-data 13581 0.0 2.6 18072 3480 ? S Dec10 0:02 /usr/bin/php-cgi
www-data 13582 0.0 2.6 18072 3484 ? S Dec10 0:02 /usr/bin/php-cgi
postfix 15587 0.0 1.3 5788 1748 ? S 08:50 0:00 pickup -l -t fifo -u -c
postfix 22969 0.0 2.0 6280 2680 ? S Dec27 0:00 tlsmgr -l -t unix -u -c
remy 23889 0.0 0.6 2348 916 pts/32 R+ 09:21 0:00 ps aux
root 30937 0.0 1.3 5772 1832 ? Ss Dec27 0:00 /usr/lib/postfix/master
postfix 30942 0.0 1.4 5832 1932 ? S Dec27 0:00 qmgr -l -t fifo -u
root 31725 0.0 0.3 1872 512 ? Ss Sep19 8:30 /usr/sbin/vnstatd -d
root 31727 0.0 0.8 20128 1148 ? Sl Sep19 1:42 /usr/sbin/rsyslogd -c4
root 31770 0.0 0.5 5488 668 ? Ss Sep19 0:06 /usr/sbin/sshd
root 32100 0.0 3.8 7144 5040 ? Ss Sep19 6:39 /usr/sbin/munin-node
Does anybody have some info on the port 199 and 3100 stuff?
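The comparison done by eye in the question can be scripted. The following is an added example, not part of the original post: it cross-references the remote Nmap view with the local `netstat -tulpen` view and lists the mismatches. The function names and result keys are assumptions made for illustration, and the sample input is abridged from the output pasted above.

```python
import re

# Sample input abridged from the scan and netstat output in the post above.
NMAP_OUTPUT = """\
PORT STATE SERVICE VERSION
25/tcp filtered smtp
80/tcp open http lighttpd
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http lighttpd
3100/tcp open unknown
4949/tcp open tcpwrapped
"""

NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 3887238881 13554/lighttpd
tcp 0 0 0.0.0.0:4949 0.0.0.0:* LISTEN 0 42890154 32100/munin-node
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 1400703131 30937/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 3887238882 13554/lighttpd
"""

def parse_nmap(text):
    """Map TCP port -> state ('open', 'filtered', ...) from nmap's port table."""
    rows = re.findall(r"^(\d+)/tcp\s+(\S+)", text, flags=re.MULTILINE)
    return {int(port): state for port, state in rows}

def parse_netstat(text):
    """Map listening TCP port -> 'PID/Program' from `netstat -tulpen` output."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            port = int(f[3].rsplit(":", 1)[1])  # also handles ':::80' (tcp6)
            listeners[port] = f[8] if len(f) > 8 else "?"
    return listeners

def compare(nmap_text, netstat_text):
    """Return the two kinds of mismatch between the remote and local views."""
    scanned, local = parse_nmap(nmap_text), parse_netstat(netstat_text)
    return {
        # Answered the scanner as open, but no local listening socket is shown.
        "open_without_listener": sorted(p for p, s in scanned.items()
                                        if s == "open" and p not in local),
        # Listening locally, but the scanner did not see the port as open.
        "listener_not_open": sorted(p for p in local if scanned.get(p) != "open"),
    }

if __name__ == "__main__":
    print(compare(NMAP_OUTPUT, NETSTAT_OUTPUT))
```

Ports in `open_without_listener` are the ones to investigate further; ports in `listener_not_open` are reachable locally but filtered or closed from the scanner's vantage point.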