
I have hosted multiple web servers on ports tcp/80, tcp/443, tcp/3333, tcp/8443, tcp/8080, tcp/8081.

The VM is a DigitalOcean droplet with Debian 10 OS.

I am able to access the web servers on ports 80 and 443, but not on the other ports.

I have done the following:

  1. Attached a DigitalOcean firewall to the droplet and allowed all TCP and UDP ports.
  2. Configured iptables to send and receive packets on all the above-mentioned ports.
  3. I get valid responses for curl requests that I send locally from VM terminal.
  4. All ports are open and listening as per netstat result.

Upon running Nmap to scan open ports, I get:

Scanned at 2021-10-01 06:31:47 EDT for 2s

PORT     STATE    SERVICE         REASON
80/tcp   open     http            syn-ack ttl 54
443/tcp  open     https           syn-ack ttl 54
3333/tcp filtered dec-notes       no-response
8080/tcp filtered http-proxy      no-response
8081/tcp filtered blackice-icecap no-response
8443/tcp filtered https-alt       no-response

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.74 seconds

IPTables Result:

root@mail:~/gophish# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3333
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8443
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:tproxy

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:3333
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:tproxy

Below is the list of all currently running services.

root@mail:~/gophish# service --status-all
 [ + ]  amavis
 [ - ]  amavis-mc
 [ - ]  amavisd-snmp-subagent
 [ + ]  apparmor
 [ - ]  clamav-daemon
 [ + ]  clamav-freshclam
 [ + ]  cloud-config
 [ + ]  cloud-final
 [ + ]  cloud-init
 [ + ]  cloud-init-local
 [ + ]  cron
 [ + ]  dbus
 [ + ]  dovecot
 [ + ]  fail2ban
 [ - ]  gdomap
 [ - ]  hwclock.sh
 [ + ]  kmod
 [ + ]  lm-sensors
 [ + ]  mysql
 [ + ]  netfilter-persistent
 [ + ]  networking
 [ + ]  nginx
 [ + ]  ntp
 [ + ]  php7.3-fpm
 [ + ]  postfix
 [ + ]  procps
 [ + ]  resolvconf
 [ - ]  rsync
 [ + ]  rsyslog
 [ - ]  screen-cleanup
 [ - ]  spamassassin
 [ + ]  ssh
 [ - ]  sudo
 [ + ]  udev
 [ + ]  ufw
 [ + ]  unscd
 [ + ]  uwsgi

netstat result: (Is it supposed to show tcp6? or tcp?)

root@mail:~/gophish# netstat -ano | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:9999          127.0.0.1:45580         TIME_WAIT   timewait (9.83/0/0)
tcp6       0      0 :::8080                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::80                   :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::8081                 :::*                    LISTEN      off (0.00/0/0)

Are there any additional controls that might be causing this?

Please let me know. Thanks in advance!

KazikM