LinuxQuestions.org
Old 04-10-2004, 11:57 AM   #1
spank
Member
 
Registered: Aug 2003
Location: Romania
Distribution: Ubuntu 6.06
Posts: 278

Rep: Reputation: 30
port questions


On my box I have the following ports opened... and I don't know what they do...

3130/udp open squid-ipc
32768/udp open omad
199/tcp open smux
953/tcp open rndc

Any idea?

Thanks
 
Old 04-10-2004, 12:18 PM   #2
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,682
Blog Entries: 9

Rep: Reputation: 45
Have you tried putting the port numbers into google to see what comes up?

I just put "port 3130" in and got 3 pages of hits.

I'll freely admit that the 2 or 3 links that I looked at didn't help much, but that's hardly surprising, seeing as my Linux/IT knowledge could be written on the back of a very small postage stamp.

Seriously though, I don't mean to sound patronising/condescending, because it's taken me forever to get into the habit of googling for something first, well at least after I've searched here, before asking a question - it saves a fair amount of repetition.

You might just want to see what happens when you close the ports i.e. see if something doesn't work in your system, if it's something essential, then re-open, if not leave it closed.

regards

John
 
Old 04-10-2004, 12:31 PM   #3
spank
Member
 
Registered: Aug 2003
Location: Romania
Distribution: Ubuntu 6.06
Posts: 278

Original Poster
Rep: Reputation: 30
32768/udp open omad
This is the one I'm most concerned with because I couldn't find anything about it...
 
Old 04-10-2004, 02:35 PM   #4
digitalbrutus
LQ Newbie
 
Registered: Mar 2004
Posts: 25

Rep: Reputation: 15
That 32768 may be a trojan or something. Anyway, that's strange. The rest are all OK except that 3130 - that's also messy.
 
Old 04-10-2004, 02:45 PM   #5
tearinox
Member
 
Registered: Aug 2003
Location: you dont want to know
Distribution: Gentoo 2004.2, Slackware 10, Windows XP, Windows 2003 Server
Posts: 348

Rep: Reputation: 30
Guess what, I searched "port 32768"
and found this as the first website.
http://www.seifried.org/security/ports/32000/32768.html

Hope that helps, and no, it's not a trojan.
 
Old 04-10-2004, 05:45 PM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,931

Rep: Reputation: 1520
smux
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1227.html

No official service registered for port 953

http://www.seifried.org/security/ports/3000/3130.html
 
Old 04-10-2004, 06:24 PM   #7
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164
I'd run 'netstat -l' to see what it says and try to trace down the services that opened the ports. For sure it doesn't seem to be normal.
 
Old 04-15-2004, 04:00 AM   #8
spank
Member
 
Registered: Aug 2003
Location: Romania
Distribution: Ubuntu 6.06
Posts: 278

Original Poster
Rep: Reputation: 30
udp 0 0 *:32768 *:*
udp 0 0 *:32769 *:*
 
Old 04-16-2004, 04:55 PM   #9
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164
Ok. So now look at the list of running processes: 'ps aux'. Check which ones you don't know.
 
Old 04-16-2004, 06:38 PM   #10
sh1ft
Member
 
Registered: Feb 2004
Location: Ottawa, Ontario, Can
Distribution: Slackware, ubuntu
Posts: 391

Rep: Reputation: 31
Is there a nice simple command for closing and opening a specific port? I've tried looking through various firewall scripts but I really have no idea what is going on in them.
 
Old 04-16-2004, 07:03 PM   #11
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
You can try using firestarter.
 
Old 04-17-2004, 06:46 AM   #12
spank
Member
 
Registered: Aug 2003
Location: Romania
Distribution: Ubuntu 6.06
Posts: 278

Original Poster
Rep: Reputation: 30
Code:
 root@dumbrava /home/apache/continut/muzica # nmap -sU localhost

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:42 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1474 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
53/udp    open  domain
161/udp   open  snmp
3130/udp  open  squid-ipc
32768/udp open  omad

Nmap run completed -- 1 IP address (1 host up) scanned in 6.078 seconds
root@dumbrava /home/apache/continut/muzica # killall named
root@dumbrava /home/apache/continut/muzica # service named start
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:43 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1474 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
53/udp    open  domain
161/udp   open  snmp
3130/udp  open  squid-ipc
32770/udp open  sometimes-rpc4

Nmap run completed -- 1 IP address (1 host up) scanned in 5.141 seconds
root@dumbrava /home/apache/continut/muzica # killall named
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:44 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1476 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
161/udp  open  snmp
3130/udp open  squid-ipc

Nmap run completed -- 1 IP address (1 host up) scanned in 4.831 seconds
root@dumbrava /home/apache/continut/muzica # service named start
root@dumbrava /home/apache/continut/muzica # nmap -sU localhost  ]

Starting dumbrava  ( http://dumbrava.nbasarab.ro/ ) at 2004-04-17 13:44 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1474 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
53/udp    open  domain
161/udp   open  snmp
3130/udp  open  squid-ipc
32771/udp open  sometimes-rpc6

Nmap run completed -- 1 IP address (1 host up) scanned in 5.792 seconds
very weird!
 
Old 04-17-2004, 06:57 PM   #13
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164
Quote:
Originally posted by sh1ft
Is there a nice simple command for closing and opening a specific port?
There's no such command. You close a port by closing an application that had opened it. So you need to trace them down.
 
Old 04-17-2004, 07:07 PM   #14
mrcheeks
Senior Member
 
Registered: Mar 2004
Location: far enough
Distribution: OS X 10.6.7
Posts: 1,690

Rep: Reputation: 51
You can begin by disabling inetd from startup.
 
Old 08-06-2004, 05:06 PM   #15
egrep
LQ Newbie
 
Registered: Aug 2004
Location: Bremerton WA
Distribution: Slackware
Posts: 20

Rep: Reputation: 0
As far as I can tell, is a port associated with named. It is not always the same port number, and changes with each stop/start of named. Had me freaked out until I did what spank did and killed everything that was running until an nmap showed it gone. Killing named made it go away.
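
Added example, not part of the thread and not any poster's code: the thread finds the owner of the unknown UDP port by stopping daemons until it disappears; on Linux the same mapping can be read directly by matching socket inodes in /proc/net/udp against the /proc/<pid>/fd links. The sample table, inode numbers and function names are constructed for illustration; resolving sockets owned by other users requires root.

```python
import os

# Constructed sample in /proc/net/udp layout (not taken from the thread's host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   12: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 8101 2 0000000000000000 0
   40: 00000000:8000 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 8123 2 0000000000000000 0
   77: 0100007F:0C3A 00000000:0000 07 00000000:00000000 00:00000000 00000000    23        0 9001 2 0000000000000000 0
"""

def parse_udp_table(text):
    """Return [(local_port, socket_inode)] from /proc/net/udp-style text."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local port is hex
        rows.append((port, int(fields[9])))           # field 9 is the inode
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, command name) by reading /proc/<pid>/fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            with open(os.path.join(proc_root, pid, "comm")) as f:
                name = f.read().strip()
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), name)
        except OSError:      # process exited, or fd directory not readable
            continue
    return owners

def udp_listeners(table_text, proc_root="/proc"):
    """Return [(port, pid, name)]; pid and name are None when unresolved."""
    owners = socket_owners(proc_root)
    return [(port, *owners.get(inode, (None, None)))
            for port, inode in parse_udp_table(table_text)]

if __name__ == "__main__":
    with open("/proc/net/udp") as f:
        for port, pid, name in sorted(udp_listeners(f.read()), key=lambda r: r[0]):
            print(f"{port}/udp  pid={pid}  {name}")
```

A port that resolves to the same PID as 53/udp belongs to the same daemon, which is the relationship the nmap runs above show indirectly.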
 
  

