
I have an aws lightsail instance that I chose to open all tcp ports for public access. See attached below: network configuration of AWS instance

However, when I tried to nmap the remote AWS server from my local machine, I could not get any ports listed except 22 and 80. Please see below for the full nmap output:

```
sudo nmap -O 63.32.215.162
Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-19 23:49 +03
Nmap scan report for ec2-63-32-215-162.eu-west-1.compute.amazonaws.com (63.32.215.162)
Host is up (0.013s latency).
Not shown: 997 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain
80/tcp open  http
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.18 (93%), Android 5.1 (93%), Linux 2.6.32 (93%), Linux 3.10 - 4.8 (93%), Linux 3.11 (93%), Linux 3.2 - 3.16 (93%), Linux 3.2 - 3.8 (93%), Linux 3.2 - 4.8 (93%), Linux 2.6.26 - 2.6.35 (92%), Linux 2.6.32 - 3.10 (92%)
No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.52 seconds
```
  • There could be an instance based firewall on the instance, or your PC may be limited by antivirus / ISP. Can you try from another instance in the same VPC? AWS spot instances are good for this kind of testing. – Tim Nov 19 '18 at 20:55
  • @Tim why same VPC? this theoretically should open all ports to public, should not it? – Mohamad Ibrahim Nov 19 '18 at 20:58
  • Do you have processes *listening* on ports other than 22 and 80? If there's no process listening, they're seen as `closed`, and are thus in the "Not shown: 997 filtered ports" bit. https://superuser.com/questions/257638/how-to-show-closed-ports-in-nmap – ceejayoz Nov 19 '18 at 21:02
  • Inside the same VPC can avoid some problems. Try from within the VPC, then in a different VPC which is essentially public. But CJ makes a good point. – Tim Nov 19 '18 at 21:04
  • @ceejayoz I have installed nmap on the instance, which is supposed to run a process listener on each port. So, the answer to your question is yes. – Mohamad Ibrahim Nov 19 '18 at 21:11
  • @MohamadIbrahim Can you show us your `nmap --listen` options, and confirm that it's actually running as you expect? I doubt it starts itself automatically; that's up to you. – ceejayoz Nov 19 '18 at 21:15
  • @ceejayoz thanks for helping. There is no such `--listen` command. It is not recognized for me. – Mohamad Ibrahim Nov 19 '18 at 21:21
  • OK, let's back up a bit, then. **How** are you running the "process listener"? Have you checked that it is running in the process list on the server? – ceejayoz Nov 19 '18 at 21:23
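The distinction the comments turn on is that a scanner can only report a port as `open` when a process on the instance is actually listening on it; with the security group wide open, a port with no listener comes back `closed` (the host answers with a RST), and a port the firewall silently drops comes back `filtered` (no answer at all). The following is an added example, not code from the question or from nmap: a minimal TCP listener standing in for the "process listener" the asker expected nmap to provide, plus a connect probe that classifies a port into the same three states a connect scan reports. Hostnames and ports are constructed for the demonstration.

```python
import socket
import threading

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def start_listener(host="127.0.0.1", port=0):
    """Start a throwaway TCP listener (the kind of thing that must exist on the
    instance before any scanner can report the port as open).
    port=0 lets the OS pick a free port; returns (server_socket, bound_port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    bound_port = srv.getsockname()[1]

    def serve():
        # Accept and immediately close connections until the socket is shut down.
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # raised once srv.close() is called
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, bound_port


def probe(host, port, timeout=2.0):
    """Classify one TCP port the way a connect scan would.
    open     -> the three-way handshake completed (a process is listening)
    closed   -> the host replied with RST (reachable, but nothing listening)
    filtered -> no reply within the timeout (a security group or host firewall
                dropped the SYN, which is what nmap's 'Not shown: 997 filtered
                ports' line in the question means)"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return CLOSED
    except socket.timeout:
        return FILTERED
    finally:
        s.close()
```

Running `probe()` against the instance's own address from inside it (or from another host, as Tim suggests) tells you per port whether the gap is a missing listener or a firewall, which the single nmap summary line does not.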
