Re: sshd blocking ftp data port 20?

From: Laurens van Egmond (laurense-ihate-address-harvesters@kpn.net)
Date: 04/07/03


From: "Laurens van Egmond" <laurense-ihate-address-harvesters@kpn.net>
Date: Mon, 7 Apr 2003 13:53:03 +0200

Yup, would think so.
If you telnetted to this port and got the response you did, then there is
something listening that looks like sshd.
If you want to see which process is using the port try (with a 'good' one)
netstat with the 'p'-switch (on a linux box that is)

Cheerz.
Laurens

"root8192" <root_8192@linuxmail.org> wrote in message
news:b08791b0.0304011953.66689869@posting.google.com...
> apparently some microsoft ftp users are getting the 425 "can't create
> data socket; address already in use" error after a successful login to
> this client's server.
>
> [root@www bin]# telnet localhost 20
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SSH-1.5-1.2.27
>
> This system is running redhat 7.2
> The sshd configuration file points to port 22 as is normal.
>
> i ran lsof and did not see anything unusual. one aspect that seems
> strange is the netstat output where there is no indication of ports 20
> or 22 in use:
>
> [root@www root]# netstat -alnt
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:501             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:3133            0.0.0.0:*               LISTEN
>
> i don't think sshd should be hidden from view.
> i am recommending they reinstall sshd and wipe the old files.
> the reason i am recommending this is because their netstat originally
> looked like this:
>
> -rwxr-xr-x 1 hong xhftp 30640 Jul 31 2001 /bin/netstat
>
> and normal arguments to netstat like -alnt failed. output was also
> limited.
> then i noticed
> [root@www bin]# lsattr netstat
> -u-ia-------- netstat
>
> i scp -p a local netstat binary over to that machine in order to read
> full output.
>
> if anyone has any comments etc.
> my goal is not to secure their system.
> my orders are to fix the ftp problem 425 error.
> i assume that the answer lies in the sshd response to port 20?
>
> thanks
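
The cross-check done by hand in this thread (a port answers a connection, yet the listing tool does not report it), as an added example that is not from either poster. The function names are hypothetical, and the sample listing is constructed from the netstat lines quoted above; live use assumes netstat-style output piped in on stdin.

```python
import re
import socket
import sys

# Constructed sample: the listener rows from the quoted netstat -alnt output.
NETSTAT_SAMPLE = """\
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:501 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3133 0.0.0.0:* LISTEN
"""

def reported_listeners(netstat_text):
    """Ports that netstat -lnt style output claims are in LISTEN state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))  # also handles :::22
    return ports

def probe(port, host="127.0.0.1", timeout=1.0):
    """Connect to a local TCP port; return (accepted, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(128).decode("ascii", "replace").strip()
            except OSError:  # no banner sent before timeout, or reset
                banner = ""
            return True, banner
    except OSError:
        return False, ""

def unreported(probed, reported):
    """Ports that accepted a connection but are missing from the listing."""
    return {p: b for p, (ok, b) in probed.items() if ok and p not in reported}

def looks_like_ssh(banner):
    return re.match(r"SSH-\d+\.\d+-", banner) is not None

if __name__ == "__main__":  # usage: netstat -lnt | python3 this_script.py
    reported = reported_listeners(sys.stdin.read())
    probed = {p: probe(p) for p in range(1, 1025)}
    for port, banner in sorted(unreported(probed, reported).items()):
        note = " (SSH banner)" if looks_like_ssh(banner) else ""
        print(f"port {port} accepts connections but is not listed{note}: {banner!r}")
```

Any port this prints means the listing cannot be trusted on that host, whether the fault lies in the binary or below it.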


