I am running these commands to get a list of all open ports on my Ubuntu 16 server. I was wondering why ports 1-25 appear to be open? Is this a security risk or is this normal for an Ubuntu server?

I have specifically changed the port for ssh to 33333. Using 80/443 for public access to a site. Other than that, I haven't made any other changes myself.

UFW is on and shows as expected:

Nginx Full ALLOW Anywhere 33333/tcp ALLOW Anywhere Nginx Full (v6) ALLOW Anywhere (v6) 33333/tcp (v6) ALLOW Anywhere (v6) username@myserver:~$ sudo netstat -tulpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1527/mysqld tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4707/nginx -g daemo tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2018/master tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4707/nginx -g daemo tcp 0 0 0.0.0.0:33333 0.0.0.0:* LISTEN 1477/sshd tcp6 0 0 :::80 :::* LISTEN 4707/nginx -g daemo tcp6 0 0 ::1:25 :::* LISTEN 2018/master tcp6 0 0 :::443 :::* LISTEN 4707/nginx -g daemo tcp6 0 0 :::33333 :::* LISTEN 1477/sshd udp 0 0 10.19.0.5:123 0.0.0.0:* 1649/ntpd udp 0 0 xxx.xxx.xxx.xxx:123 0.0.0.0:* 1649/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 1649/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 1649/ntpd udp6 0 0 zzzz::zzzz:zzzz:zzz:123 :::* 1649/ntpd udp6 0 0 yyyy::yyyy:yyyy:yyy:123 :::* 1649/ntpd udp6 0 0 ::1:123 :::* 1649/ntpd udp6 0 0 :::123 :::* 1649/ntpd sudo lsof -nP -i | grep LISTEN sshd 1477 root 3u IPv4 14216 0t0 TCP *:33333 (LISTEN) sshd 1477 root 4u IPv6 14218 0t0 TCP *:33333 (LISTEN) mysqld 1527 mysql 22u IPv4 18444 0t0 TCP 127.0.0.1:3306 (LISTEN) master 2018 root 12u IPv4 18107 0t0 TCP 127.0.0.1:25 (LISTEN) master 2018 root 13u IPv6 18108 0t0 TCP [::1]:25 (LISTEN) nginx 4707 root 6u IPv4 43893 0t0 TCP *:80 (LISTEN) nginx 4707 root 7u IPv6 43894 0t0 TCP *:80 (LISTEN) nginx 4707 root 8u IPv4 43895 0t0 TCP *:443 (LISTEN) nginx 4707 root 9u IPv6 43896 0t0 TCP *:443 (LISTEN) nginx 4708 www-data 6u IPv4 43893 0t0 TCP *:80 (LISTEN) nginx 4708 www-data 7u IPv6 43894 0t0 TCP *:80 (LISTEN) nginx 4708 www-data 8u IPv4 43895 0t0 TCP *:443 (LISTEN) nginx 4708 www-data 9u IPv6 43896 0t0 TCP *:443 (LISTEN) nginx 4709 www-data 6u IPv4 43893 0t0 TCP *:80 (LISTEN) nginx 4709 www-data 7u IPv6 43894 0t0 TCP *:80 (LISTEN) nginx 4709 www-data 8u IPv4 43895 0t0 TCP *:443 (LISTEN) nginx 4709 www-data 9u IPv6 43896 0t0 TCP *:443 (LISTEN) 
1

1 Answer

In Ubuntu, Port 25 is used for SMTP, for sending mails which is different from receiving mails using POP3 or IMAP and its auto enable in server. So it cannot affect to port and service you change.

In Case, if you want to find out, which exact program is responsible for an open port, type:

sudo fuser -v 25/tcp 

Second, if you want to stop the program, you could use command as:

sudo stop exim4 or sudo stop exim 

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy