I am trying to close all possible ports on my solaris and linux servers.
I am stuck on the following ports on both Solaris 10 (local zone) and Linux (Suse) servers.
Here is nmap output :
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1720/tcp open H.323/Q.931
1863/tcp open unknown
PORT STATE SERVICE
22/tcp open ssh
1720/tcp open H.323/Q.931
1863/tcp open unknown
8080/tcp open http-proxy
As you can see in bold on both servers I got 1720/tcp and 1863/tcp ports (telnet as well shows that it is listening).
Do anybody knows what is listening on these ports ?
I try to keep only ssh and web ports.
(I tried lsof/netstat/fuser and stuff but no result with these ports).
Don't quote me (and don't know if it'll help to much) but I think if I remember correctly it has port 1720 is some kind of VoIP, maybe that was on a Windows system.
OK had me thinking if I remembered correctly and I found the following information from http://www.voipvoice.com/faq.html \(hope it's OK to post the link :\) \) - it's the 3rd last question asked and might provide you with a little more information.
For H.323 \(MS Netmeeting etc�\)
* TCP port 1720 \(H.225 call signalling for hosts\)
* TCP ports 11000 to 65535 \(H.245 capability exchange\)
* UDP ports 16384 to 32767 RTP audio stream\)
For H.323 \(Callserve\)
* UDP port 1719 \(Callserve signalling\)
* TCP port 1720 \(Callserve signalling\)
* UDP ports 5000 to 65535 \(RTP audio stream\)
Thanks for the answer.
I am dubious about solaris/linux having msn and h323 protocols out of the box
I check netstat but nothing about this ports.
So still no clue about how to close this ports.