ispCP - Board - Support
firewall blocks ispcp server due to portscans - Printable Version


firewall blocks ispcp server due to portscans - organiccode - 03-15-2011 07:24 PM

Hi,

Installed ispCP 1.0.7 as usual on a brand new Debian 5.0. No special configs so far, works great. It's meant to be used as an internal dev server. However, there is a problem with the firewall (WatchGuard). It registers portscans coming from the machine and blocks it from the net.

Is it possible that one of the services utilized by ispCP creates anything that could be or look like a portscan? Yes, nmap and hping are installed, both of which can be used to scan ports. Yet I'm the only user on the machine, therefore would know about their usage.

Thanks for any hint you might have :)

cu
Roman


RE: firewall blocks ispcp server due to portscans - kilburn - 03-20-2011 04:31 AM

No, ispCP should not be scanning anything except the machine itself (to show which ports are open in the ports page). Since these are local connections, they should not hit your firewall and trigger any rules.

Therefore, I suspect that your machine might be infected by some kind of rootkit. Have you inspected the output of rkhunter?
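
One way to check from the server itself which outbound connection attempts the firewall could be counting as a scan, as an added example that is not part of the thread or of ispCP: it parses the Linux `/proc/net/tcp` table, ignores loopback checks like the ports page's, and reports remote hosts with half-open connections to several distinct ports. The function names, the threshold of three ports and the sample rows are assumptions made for illustration; it covers IPv4 only and assumes a little-endian host.

```python
import socket
import struct
from collections import defaultdict

SYN_SENT = "02"  # state code /proc/net/tcp uses for a connect() awaiting SYN-ACK

# Constructed sample in /proc/net/tcp layout (not data from the thread):
# rows 1-3 are a loopback port check, rows 4-6 leave the host for 10.0.0.1.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:A2C4 0100007F:0015 02 00000001:00000000 01:00000064 00000000    33        0 1002
   2: 0100007F:A2C5 0100007F:0019 02 00000001:00000000 01:00000064 00000000    33        0 1003
   3: 0100007F:A2C6 0100007F:006E 02 00000001:00000000 01:00000064 00000000    33        0 1004
   4: 0500000A:C001 0100000A:0016 02 00000001:00000000 01:00000064 00000000     0        0 2001
   5: 0500000A:C002 0100000A:0017 02 00000001:00000000 01:00000064 00000000     0        0 2002
   6: 0500000A:C003 0100000A:0050 02 00000001:00000000 01:00000064 00000000     0        0 2003
   7: 0500000A:C004 0800000A:01BB 01 00000000:00000000 00:00000000 00000000     0        0 2004
"""

def decode(addr):
    """'0100007F:0050' -> ('127.0.0.1', 80); assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def outbound_syn_fanout(text, min_ports=3):
    """Map each non-loopback remote IP with >= min_ports pending SYNs to details."""
    seen = defaultdict(lambda: {"ports": set(), "uids": set(), "inodes": set()})
    for line in text.splitlines()[1:]:          # skip the column header
        f = line.split()
        if len(f) < 10 or f[3] != SYN_SENT:
            continue
        ip, port = decode(f[2])
        if ip.startswith("127."):               # local checks never reach the firewall
            continue
        seen[ip]["ports"].add(port)
        seen[ip]["uids"].add(int(f[7]))         # owner of the socket
        seen[ip]["inodes"].add(int(f[9]))       # match against /proc/<pid>/fd links
    return {ip: {k: sorted(v) for k, v in d.items()}
            for ip, d in seen.items() if len(d["ports"]) >= min_ports}

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:       # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE
    for ip, d in outbound_syn_fanout(table).items():
        print(ip, d)
```

SYN_SENT entries are short-lived, so a single snapshot can miss them and the check is more useful run repeatedly. A reported inode can be matched to a process through the `socket:[inode]` links under `/proc/<pid>/fd`.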