Open ports - Netstat

I am running these commands to get a list of all open ports on my Ubuntu 16 server. I was wondering why ports 1-25 appear to be open? Is this a security risk or is this normal for an Ubuntu server?

I have specifically changed the port for ssh to 33333. Using 80/443 for public access to a site. Other than that, I haven't made any other changes myself.

UFW is on and shows as expected:

Nginx Full ALLOW Anywhere
33333/tcp ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
33333/tcp (v6) ALLOW Anywhere (v6)
username@myserver:~$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1527/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4707/nginx -g daemo
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2018/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4707/nginx -g daemo
tcp 0 0 0.0.0.0:33333 0.0.0.0:* LISTEN 1477/sshd
tcp6 0 0 :::80 :::* LISTEN 4707/nginx -g daemo
tcp6 0 0 ::1:25 :::* LISTEN 2018/master
tcp6 0 0 :::443 :::* LISTEN 4707/nginx -g daemo
tcp6 0 0 :::33333 :::* LISTEN 1477/sshd
udp 0 0 10.19.0.5:123 0.0.0.0:* 1649/ntpd
udp 0 0 xxx.xxx.xxx.xxx:123 0.0.0.0:* 1649/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1649/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1649/ntpd
udp6 0 0 zzzz::zzzz:zzzz:zzz:123 :::* 1649/ntpd
udp6 0 0 yyyy::yyyy:yyyy:yyy:123 :::* 1649/ntpd
udp6 0 0 ::1:123 :::* 1649/ntpd
udp6 0 0 :::123 :::* 1649/ntpd
sudo lsof -nP -i | grep LISTEN
sshd 1477 root 3u IPv4 14216 0t0 TCP *:33333 (LISTEN)
sshd 1477 root 4u IPv6 14218 0t0 TCP *:33333 (LISTEN)
mysqld 1527 mysql 22u IPv4 18444 0t0 TCP 127.0.0.1:3306 (LISTEN)
master 2018 root 12u IPv4 18107 0t0 TCP 127.0.0.1:25 (LISTEN)
master 2018 root 13u IPv6 18108 0t0 TCP [::1]:25 (LISTEN)
nginx 4707 root 6u IPv4 43893 0t0 TCP *:80 (LISTEN)
nginx 4707 root 7u IPv6 43894 0t0 TCP *:80 (LISTEN)
nginx 4707 root 8u IPv4 43895 0t0 TCP *:443 (LISTEN)
nginx 4707 root 9u IPv6 43896 0t0 TCP *:443 (LISTEN)
nginx 4708 www-data 6u IPv4 43893 0t0 TCP *:80 (LISTEN)
nginx 4708 www-data 7u IPv6 43894 0t0 TCP *:80 (LISTEN)
nginx 4708 www-data 8u IPv4 43895 0t0 TCP *:443 (LISTEN)
nginx 4708 www-data 9u IPv6 43896 0t0 TCP *:443 (LISTEN)
nginx 4709 www-data 6u IPv4 43893 0t0 TCP *:80 (LISTEN)
nginx 4709 www-data 7u IPv6 43894 0t0 TCP *:80 (LISTEN)
nginx 4709 www-data 8u IPv4 43895 0t0 TCP *:443 (LISTEN)
nginx 4709 www-data 9u IPv6 43896 0t0 TCP *:443 (LISTEN)

1 Answer

In Ubuntu, Port 25 is used for SMTP, for sending mails which is different from receiving mails using POP3 or IMAP and its auto enable in server. So it cannot affect to port and service you change.

In Case, if you want to find out, which exact program is responsible for an open port, type:

sudo fuser -v 25/tcp

Second, if you want to stop the program, you could use command as:

sudo stop exim4 or sudo stop exim

Fame Burst

Open ports - Netstat

1 Answer

Your Answer

Sign up or log in

Post as a guest

You Might Also Like

How do I get wires in fallout 4 to connect them to my generators

User Tikolu - Arqade

Highest damage dealt in Pokemon?

How do you take a screenshot in Hearthstone?