I'm using Windows Server 2003. I decided to port scan my server today to make sure that only needed ports are open. Everything looked good except port 21 was open. I have no FTP server installed. There are no firewall rules allowing port 21 to be used. I connected to the port and whatever is listening sends no data. I didn't get forcefully disconnected, but instead after about 20-30 seconds I get the error message "Connection was aborted due to timeout or other failure." I tried netstat and tcpview but neither program lists anything listening on that port. It shows all my other services just fine. I tried to run rootkit revealer, but I guess it doesn't work on win2k3. Any ideas?
Did you try and FTP into the port? Are you running IIS? IIS generally opens port 21. Is your server behind a hardware firewall or just the Windows firewall?
Yes I did. Like I said, it sends you no data and then you get a connection error. Yes, I am running IIS, but I specifically uninstalled the FTP part. I'm using Windows Firewall. It's probably nothing and just a part of IIS or something. I'm going to switch firewalls, I think, to make sure the port gets blocked.
I think switching firewalls is a great idea. I know IIS can open ports on the firewall and all of that and personally, I would prefer a firewall that can't be controlled by Windows. That way no ports get opened.
I would recommend going for IPSEC. You can block all the unwanted connections and allow only what is needed. But please be sure that you try it, and try it multiple times, before implementing it on the server; otherwise you will get yourself locked out of the server. But for sure I can tell IPSEC is the best. It even improves the performance. On my Exchange server, when I enabled IPSEC, the IMAP connection was 3 times faster.
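The two checks a defender wants before trusting either the scan or netstat, followed by the narrowly scoped IPsec block the thread recommends, as an added PowerShell example that is not from any poster. It assumes Windows Server 2003 SP2 with PowerShell 2.0 installed and an elevated session; `netsh ipsec static` is the stock 2003 interface for local IPsec policies.

```powershell
# Added example, not from the thread: triage a TCP port that a remote scan
# reports open but netstat/TCPView do not list, then block it inbound with a
# one-port IPsec policy. Assumes Windows Server 2003 SP2 with PowerShell 2.0
# installed (assumption) and an elevated session.
param([int]$Port = 21)

function Get-ListenerOwner {
    param([int]$Port)
    # netstat -ano prints the owning PID in the last column; UDP rows have no state.
    $pattern = "^\s*(TCP|UDP)\s+\S+:$Port\s+\S+\s+(LISTENING)?\s*(\d+)\s*$"
    netstat -ano | ForEach-Object {
        if ($_ -match $pattern) {
            $ownerPid = [int]$Matches[3]
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName } else { "<PID not visible>" }
            New-Object PSObject -Property @{ Proto = $Matches[1]; Pid = $ownerPid; Name = $name }
        }
    }
}

function Test-LocalPort {
    param([int]$Port)
    # Plain TCP connect from the host itself. Open here but absent from netstat
    # points at a hidden listener (escalate, rebuild from known-good media);
    # open only from outside points at a device in the path, not the server.
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect("127.0.0.1", $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

function Block-InboundPort {
    param([int]$Port)
    # One filter, one destination port: RDP and management traffic are untouched,
    # so the lockout the thread warns about cannot come from this policy.
    $p = "BlockTcp$Port"
    netsh ipsec static add policy name=$p description=InboundBlock
    netsh ipsec static add filterlist name="${p}List"
    netsh ipsec static add filter filterlist="${p}List" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=$Port
    netsh ipsec static add filteraction name="${p}Action" action=block
    netsh ipsec static add rule name="${p}Rule" policy=$p filterlist="${p}List" filteraction="${p}Action"
    netsh ipsec static set policy name=$p assign=y
}

$owner = @(Get-ListenerOwner -Port $Port)
if ($owner.Count) { $owner | Format-Table Proto, Pid, Name -AutoSize }
else { "Nothing visible on port $Port; compare with the local connect and the remote scan." }
"Local TCP connect to port ${Port}: $(Test-LocalPort -Port $Port)"
# Block-InboundPort -Port $Port   # enable only after testing on a non-production host
```

Unassign the policy with `netsh ipsec static set policy name=BlockTcp21 assign=n` if it ever needs to come off.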