LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   port questions (https://www.linuxquestions.org/questions/linux-newbie-8/port-questions-168415/)

spank 04-10-2004 10:57 AM
port questions
 
On my box i have the following ports opened... and i don't know what they do...

3130/udp open squid-ipc
32768/udp open omad
199/tcp open smux
953/tcp open rndc

any ideea ?

thanx

bigjohn 04-10-2004 11:18 AM
Have you tried putting the port numbers into google to see what comes up?

I just put "port 3130" in and got 3 pages of hits.

I'll freely admit that the 2 or 3 links that I looked at didn't help much, but that's hardly suprising, seeing as my Linux/IT knowledge could be written on the back of a very small postage stamp :D

Seriously though, I don't mean to sound patronising/condescending, because it's taken me forever to get into the habit of googling for something first, well at least after I've searched here, before asking a question - it saves a fair amount of repetition.

You might just want to see what happens when you close the ports i.e. see if something doesn't work in your system, if it's something essential, then re-open, if not leave it closed.

regards

John

spank 04-10-2004 11:31 AM
32768/udp open omad
this is the one i`m most concerned with because i couldn't find anything about it...

digitalbrutus 04-10-2004 01:35 PM
that 32768 may be a trojan or something. anyway thts strange. Rest all r ok except tht 3130 - thts also messy

tearinox 04-10-2004 01:45 PM
guess what, i searched "port 32768"
and found this as the first website.
http://www.seifried.org/security/ports/32000/32768.html

hope that helps, and no its not a trojan

michaelk 04-10-2004 04:45 PM
smux
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1227.html

No offical service registered for port 953

http://www.seifried.org/security/ports/3000/3130.html

Mara 04-10-2004 05:24 PM
I'd run 'netstat -l' to see what it says and try to trace down the services that opened the ports. For sure it doesn't seem to be normal.

spank 04-15-2004 03:00 AM
udp 0 0 *:32768 *:*
udp 0 0 *:32769 *:*

Mara 04-16-2004 03:55 PM
Ok. So now look at the list of running processes: 'ps aux'. Check which ones you don't know.

sh1ft 04-16-2004 05:38 PM
Is there a nice simple command for closing and opening a specific port? I've tried looking through various firewall scripts but i really have no idea what is going on in them.

Electro 04-16-2004 06:03 PM
You can try using firestarter.

spank 04-17-2004 05:46 AM
Code:
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:42 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1474 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
53/udp    open  domain
161/udp  open  snmp
3130/udp  open  squid-ipc
32768/udp open  omad

Nmap run completed -- 1 IP address (1 host up) scanned in 6.078 seconds
root@dumbrava /home/apache/continut/muzica # killall named
root@dumbrava /home/apache/continut/muzica # service named start
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:43 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1474 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
53/udp    open  domain
161/udp  open  snmp
3130/udp  open  squid-ipc
32770/udp open  sometimes-rpc4

Nmap run completed -- 1 IP address (1 host up) scanned in 5.141 seconds
root@dumbrava /home/apache/continut/muzica # killall named
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:44 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1476 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
161/udp  open  snmp
3130/udp open  squid-ipc

Nmap run completed -- 1 IP address (1 host up) scanned in 4.831 seconds
root@dumbrava /home/apache/continut/muzica # service named start
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost  ]

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:44 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1474 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
53/udp    open  domain
161/udp  open  snmp
3130/udp  open  squid-ipc
32771/udp open  sometimes-rpc6

Nmap run completed -- 1 IP address (1 host up) scanned in 5.792 seconds
very weird!

Mara 04-17-2004 05:57 PM
Quote:
Originally posted by sh1ft
Is there a nice simple command for closing and opening a specific port?
There's no such command. You close a port by closing an application that had opened it. So you need to trace them down.

mrcheeks 04-17-2004 06:07 PM
you can begin by disabling inetd from startup

egrep 08-06-2004 04:06 PM
As far as I can tell, is a port associated with named. It is not always the same port number, and changes with each stop/start of named. Had me freaked out until I did what spank did and killed everything that was running until an nmap showed it gone. Killing named made it go away.


All times are GMT -5. The time now is 10:29 AM.