LinuxQuestions.org - Daemons running on unknown ports

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - Daemons running on unknown ports (https://www.linuxquestions.org/questions/linux-networking-3/daemons-running-on-unknown-ports-115001/)

Daemons running on unknown ports

A external scan on my server shows 2 unknown ports open.

798 tcp
1003 tcp

According to RFC 793 these ports are unassigned and should NOT have anything running on them. Can anyone recommend the first step I should take to determine what is running on these ports and how to turn them off if needed. My server is running Mandrake 9.1-2.4.21 and is behind a firewall/router. Thanks in advance.

Run netstat -A inet -lp on your box and watch the output.

Running netstat -A inet -lp shows the following...

tcp 0 0 *:798 *:* LISTEN 1043/rpc.ypxfrd
tcp 0 0 *:1003 *:* LISTEN 822/ypserv

Then a little googling and I find that these daemons are part of NIS (Network Information Service). Formerly known as the Sun Yellow Pages (explains the ypserv & ypxfrd).

http://www.linux-nis.org/

Turns out these littl' buggers distribute information across a network, like login names/passwords/home directories/group information/host names/ip numbers. The purpose of all this is that if you have a group of machines all running NIS and your password is stored in the NIS database then you can login into any machine of the network that is running the NIS client program. Needless to say....I turned this service OFF. Thanks for you reply, markus1982.