Found Unusual Services running on my VPS

Question

I am running a Debian VPS and i did a port scan and found these services

135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1720/tcp filtered H.323/Q.931
6881/tcp filtered bittorrent-tracker
6901/tcp filtered jetstream
6969/tcp filtered acmsoda

The one that stood out for me was the bittorrent-tracker, i do not use it for torrenting and therefore do not know why it would be on there. Does this mean it could have been compromised?

Also do you know how i would remove this service?

Answer 1

nmap indicating "filtered" simply means that the packets are being blackholed somewhere between your nmap client and the target being scanned.

It does not indicate anything specific about your VPS itself. It is more likely an indication that your VPS provider or their facility filters traffic on these ports.

Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.

-- http://nmap.org/book/man.html

You can simulate this for a specific TCP port on Linux (with or without something listening on that port) using iptables and a DROP target. The DROP results in a complete lack of response, and triggers the "filtered" result in nmap.

Compare this with a "closed" port which would result in an RST being sent, or a port which you may have configured with an ICMP "administratively prohibited" or similar message.

Answer 2

You need to run netstat -pant | grep ':6881' on the server to see what is attached to that port, if anything.

Followup your external scan with manual verification.