LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-11-2005, 09:03 AM   #1
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 453

Rep: Reputation: 30
799 udp port open


The UDP:799 port is open on my rhel 3 server.
I can't find which service is behind it. I've tried everything with no success. Now I suspect to be a backdoor or something like this


1. #nmap -sU localhost
Quote:
799/udp open unknown
2. netsta -tupan | grep 799
Quote:
udp 0 0 0.0.0.0:799 0.0.0.0:* -
3.lsof -i :799 -> nothing

4. lsof -V -i UDP -> nothing related


Do you have any idea? I thing this is very difficult of impossible finding what is behind this port.

What could I do next? Please give me some hints!!


Thanks in advance!
 
Old 07-11-2005, 10:36 AM   #2
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,744

Rep: Reputation: 71
Do an netstat -upan to see what apps are using what ports.
 
Old 07-12-2005, 04:16 AM   #3
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 453

Original Poster
Rep: Reputation: 30
As I 've already said in the first email:

#netsta -tupan | grep 799

Output: udp 0 0 0.0.0.0:799 0.0.0.0:* -

I can't see the program/pid for 799 udp port.
 
Old 07-12-2005, 04:22 AM   #4
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 453

Original Poster
Rep: Reputation: 30
I think I found the answer: http://seclists.org/lists/incidents/2000/Sep/0165.html
 
Old 07-13-2005, 05:33 PM   #5
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
you can only see all processes names as root.

as a regular use you get sometimes - as the name.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
UDP port 5353 WannaLearnLinux Linux - Security 17 05-05-2011 01:26 PM
Wandering, high, open UDP port detected by nmap conn-fused Linux - Security 1 05-15-2005 06:23 AM
udp port 1024 frgtn Linux - Security 2 03-27-2005 07:10 AM
TCP Port 53 Open - How to enable UDP 53? stardotstar Linux - Networking 6 03-16-2005 04:49 AM
How do I open up a UDP port? Dirt Linux - Networking 9 06-06-2003 05:50 PM


All times are GMT -5. The time now is 12:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration