Does this look normal to anyone? I don't think so, but I thought I'd ask. It's the nmap output for our company's domain name, www.raellic.com which is on a static IP.
That's from my (director of co.) workstation. We never opened a Jabber port (no. 5269 -- xmpp-server) and there's no reason it should be running an HTTP proxy on 8080. And of course, 517 filtered ports should be closed, not filtered.
From the server itself after ssh'ing into it, it's even stranger:
WTF. Granted, these are different versions of nmap, but they seem to show the same thing. Somehow, our company's web server is running ports we never opened. The scan of 127.0.0.1 from the server itself is concerning because port 5555 (freeciv) is something I recognize from somewhere else.
Anyone have any insight into these strange scans? What does your own domain scan look like? What does our domain scanned from your system look like?
Dreamhost support is nowhere to be found on this, by the way. Otherwise we're happy with the service and I personally have been a longtime customer.