port questions
On my box i have the following ports opened... and i don't know what they do...
3130/udp open squid-ipc 32768/udp open omad 199/tcp open smux 953/tcp open rndc any ideea ? thanx |
Have you tried putting the port numbers into google to see what comes up?
I just put "port 3130" in and got 3 pages of hits. I'll freely admit that the 2 or 3 links that I looked at didn't help much, but that's hardly suprising, seeing as my Linux/IT knowledge could be written on the back of a very small postage stamp :D Seriously though, I don't mean to sound patronising/condescending, because it's taken me forever to get into the habit of googling for something first, well at least after I've searched here, before asking a question - it saves a fair amount of repetition. You might just want to see what happens when you close the ports i.e. see if something doesn't work in your system, if it's something essential, then re-open, if not leave it closed. regards John |
32768/udp open omad
this is the one i`m most concerned with because i couldn't find anything about it... |
that 32768 may be a trojan or something. anyway thts strange. Rest all r ok except tht 3130 - thts also messy
|
guess what, i searched "port 32768"
and found this as the first website. http://www.seifried.org/security/ports/32000/32768.html hope that helps, and no its not a trojan |
smux
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1227.html No offical service registered for port 953 http://www.seifried.org/security/ports/3000/3130.html |
I'd run 'netstat -l' to see what it says and try to trace down the services that opened the ports. For sure it doesn't seem to be normal.
|
udp 0 0 *:32768 *:*
udp 0 0 *:32769 *:* |
Ok. So now look at the list of running processes: 'ps aux'. Check which ones you don't know.
|
Is there a nice simple command for closing and opening a specific port? I've tried looking through various firewall scripts but i really have no idea what is going on in them.
|
You can try using firestarter.
|
Code:
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost |
Quote:
|
you can begin by disabling inetd from startup
|
As far as I can tell, is a port associated with named. It is not always the same port number, and changes with each stop/start of named. Had me freaked out until I did what spank did and killed everything that was running until an nmap showed it gone. Killing named made it go away.
|
All times are GMT -5. The time now is 10:29 AM. |