LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 07-03-2004, 11:43 AM   #1
alexxxis
Member
 
Registered: Jun 2004
Distribution: Debian 3.1
Posts: 33

Rep: Reputation: 15
Arrow Repeated nmap portscanns sometimes show open ports on different random addressesWhy?


(This is what I thought in the begging the real question is on my 3rd posting)

I am running Woody 3 stable with apache,ssl, php4, openSSH installed using apt.

When I do nmap scann on my server SOMETIMES I get the following open ports. What are there for? and how can I remove them?

1470/tcp open uaiact
1518/tcp open vpvd


Regards,
Alexis

Last edited by alexxxis; 07-06-2004 at 04:04 PM.
 
Old 07-04-2004, 02:13 PM   #2
ToniT
Senior Member
 
Registered: Oct 2003
Location: Zurich, Switzerland
Distribution: Debian/unstable
Posts: 1,357

Rep: Reputation: 47
apt-get install lsof
lsof -i
 
Old 07-05-2004, 09:35 AM   #3
alexxxis
Member
 
Registered: Jun 2004
Distribution: Debian 3.1
Posts: 33

Original Poster
Rep: Reputation: 15
Thanks but...

debian:~# apt-get install Isof
Reading Package Lists... Done
Building Dependency Tree... Done
E: Couldn't find package Isof
 
Old 07-05-2004, 09:45 AM   #4
Dead Parrot
Senior Member
 
Registered: Mar 2004
Distribution: Debian GNU/kFreeBSD
Posts: 1,597

Rep: Reputation: 46
It's lsof -- not Isof (with small L, not with big i).
 
Old 07-05-2004, 09:46 AM   #5
powadha
Member
 
Registered: Nov 2003
Distribution: Debian SID
Posts: 649

Rep: Reputation: 31
lsof not Isof
 
Old 07-05-2004, 06:18 PM   #6
alexxxis
Member
 
Registered: Jun 2004
Distribution: Debian 3.1
Posts: 33

Original Poster
Rep: Reputation: 15
Repeated nmap portscanns sometimes show open ports on different random addressesWhy?

(maybe this should go to another thread...)

Excuse my spelling mistake, it did work this time.

But unfortunately it does not solve my problem.

For some reason which I do not understand if I do repeated port scans with nmap SOMETIMES I get open ports on DIFFERENT addresses each time(e.g 1550/tcp as you can see below), which I hadn't realized when I did the first posting.

So lsof does not help me as these ports are changing all the time and last just for an instance...
The other weird thing is that if I do netstat repeatedly I never get those open ports (as you can see below)...

What is going on? Could this be a security problem? Or what could cause it?

Any help would be appreciated..
Alexis

==================================================

debian:~# nmap localhost

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Strange read error from 127.0.0.1 (104): Operation now in progress
Interesting ports on debian (127.0.0.1):
(The 1549 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp open https
1550/tcp open 3m-image-lm


===================================================
debian:~# netstat -all --numeric-ports
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.2.28:22 192.168.2.4:1372 ESTABLISHED
tcp 0 144 192.168.2.28:22 192.168.2.4:1371 ESTABLISHED
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
raw 0 0 0.0.0.0:6 0.0.0.0:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 1 [ ] DGRAM 94 /dev/log
unix 0 [ ACC ] STREAM LISTENING 196 /var/run/gcache_port
unix 0 [ ACC ] STREAM LISTENING 138 /var/run/mysqld/mysqld.sock
unix 0 [ ] STREAM 418
unix 1 [ ] STREAM CONNECTED 394
unix 1 [ ] STREAM CONNECTED 393
unix 1 [ ] STREAM CONNECTED 392
unix 1 [ ] STREAM CONNECTED 391
unix 0 [ ] DGRAM 99

Last edited by alexxxis; 07-06-2004 at 04:07 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
TCP Ports mm1977 Linux - Networking 1 01-31-2005 02:34 AM
DHCP, webmin, and TCP/IP ports mattrobbins Linux - Networking 5 10-14-2003 04:16 AM
how to open TCP/UDP ports RH9 franky Linux - Networking 3 07-18-2003 11:03 PM
How to know some more about an open TCP port? yuzuohong Linux - General 1 05-12-2003 10:42 PM
close port 6000/tcp 515/tcp SchwipSchwap Linux - Newbie 1 09-12-2002 09:24 AM


All times are GMT -5. The time now is 11:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration