LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 04-03-2007, 03:37 AM   #1
Nikosis
Member
 
Registered: Dec 2005
Location: In front of the monitor
Distribution: Slackware
Posts: 310

Rep: Reputation: 59
open port 623


Hi
I found strange port 623 open, anyone know what it is and how can I close it.

Thx
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 04-03-2007, 04:34 AM   #2
Datamike
Member
 
Registered: Oct 2003
Location: Finland
Distribution: Slackware 12.0
Posts: 34

Rep: Reputation: 15
Here's a web site I found with some information on the port: http://www.auditmypc.com/port/udp-port-623.asp

As for closing it, have you checked your firewall and how it is configured? Don't know about linux, but once upon a time in Windows, a fairly annoying little program kept a port open in my firewall. I'm not sure if that's possible in linux. Depends a lot on your firewall.
 
Old 04-03-2007, 05:46 AM   #3
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
From a terminal, type netstat -pantu

This should tell you what is listening on port 623. Ports are only "open" if something is listening on them
 
Old 04-03-2007, 11:15 PM   #4
Nikosis
Member
 
Registered: Dec 2005
Location: In front of the monitor
Distribution: Slackware
Posts: 310

Original Poster
Rep: Reputation: 59
Hi
Strange thing is that there is no open port 623 when I check from inside, it is when I check from outside
netstat -lnp doesn't show anything at that port
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN     2759/inetd          
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     2875/httpd          
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN     2759/inetd          
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN     2772/named          
tcp        0      0 333.333.333.333:53      0.0.0.0:*               LISTEN     2772/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     2772/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN     2772/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN     2772/named          
udp        0      0 0.0.0.0:512             0.0.0.0:*                          2759/inetd          
udp        0      0 0.0.0.0:32769           0.0.0.0:*                          2772/named          
udp        0      0 0.0.0.0:37              0.0.0.0:*                          2759/inetd          
udp        0      0 192.168.1.1:53          0.0.0.0:*                          2772/named          
udp        0      0 333.333.333.333:53      0.0.0.0:*                          2772/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                          2772/named          
udp6       0      0 :::32770                :::*                               2772/named          
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     7388     2826/acpid          /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     7468     2877/gpm            /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     7455     2865/mysqld         /var/run/mysql/mysql.sock
Code:
PORT    STATE    SERVICE
37/tcp  open     time
53/tcp  open     domain
80/tcp  open     http
113/tcp open     auth
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
623/tcp filtered unknown
So, where is it ?.
Thx

Last edited by Nikosis; 04-04-2007 at 04:23 PM.
 
Old 04-04-2007, 05:15 AM   #5
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Perhaps it just isn't blocked by your firewall. Have you tried closing it (I don't know slackware)?
 
Old 04-04-2007, 11:48 AM   #6
Road_map
Member
 
Registered: Jan 2007
Distribution: Slackware
Posts: 341

Rep: Reputation: 31
Try
Code:
netstat -teanlp
 
Old 04-04-2007, 04:06 PM   #7
Nikosis
Member
 
Registered: Dec 2005
Location: In front of the monitor
Distribution: Slackware
Posts: 310

Original Poster
Rep: Reputation: 59
Hi
Thanks for reply
port 623 isn't open on firewall if that's what you meant.

netstat -teanlp gives same result as -lnp or -pantu
thx

Last edited by Nikosis; 04-04-2007 at 04:08 PM.
 
Old 04-05-2007, 09:03 AM   #8
Road_map
Member
 
Registered: Jan 2007
Distribution: Slackware
Posts: 341

Rep: Reputation: 31
Code:
/etc/rc.d/./rc.rpc stop
chmod 0644 /etc/rc.d/rc.rpc
 
Old 04-06-2007, 04:44 AM   #9
Nikosis
Member
 
Registered: Dec 2005
Location: In front of the monitor
Distribution: Slackware
Posts: 310

Original Poster
Rep: Reputation: 59
Thanks for reply
Well, the port is not realy open, is filtered, so it is on the firewall, not sure what might couse it though. Any suggestion is welcome.
 
Old 08-21-2011, 10:30 PM   #10
FreakWent
LQ Newbie
 
Registered: Aug 2003
Distribution: Mandrake 9.1
Posts: 7

Rep: Reputation: 2
Bump

This thread is Google's top hit for port 623, so I'm adding useful information.

It's used by Intel's vPro/AMT/MBeX suite of technology, wherein a KVM is integrated with the motherboard, allowing remote access to the system regardless of the state of the OS -- or even if there's none.

That's why you don't see it in the netstat output, the OS isn't listening, the hardware is.

I dunno if the OS firewall will stop it, I haven't tested yet. I don't even know which behaviour I prefer, if the OS can control it or if the hardware wins.

It's intended for central management by corporate helpdesks and so on, and I'm looking for decent free or open source software to use with it.
 
2 members found this post helpful.
Old 08-22-2011, 07:48 AM   #11
mRgOBLIN
Slackware Contributor
 
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999

Rep: Reputation: 227Reputation: 227Reputation: 227
I'd expect it can be disabled in the BIOS then.
 
1 members found this post helpful.
Old 03-05-2012, 08:58 PM   #12
alt229
LQ Newbie
 
Registered: Mar 2012
Posts: 1

Rep: Reputation: Disabled
Lights out management port

Hey guys,
FreakWent is right. This port is open by the NIC itself as part of lights out management. While it's not really a problem to leave this port open if there is some kind of security issue in your vendors particular implementation of LOM then an attacker would have access to reboot your system among other low level commands.

If you wanted to disable this you'd most likely have to reboot and after the bios screen look for your nic to announce how to configure it. It may say something like PXE boot but there should be some kind of keyboard combo that'll get you directly into the nics settings. From there you can usually disable LOM.

Alternatively, you can put LOM on another subnet so that you don't even see it on a portscan of your main ip.

HTH
 
2 members found this post helpful.
Old 03-06-2012, 01:16 AM   #13
tallship
Member
 
Registered: Jul 2003
Location: On the Beaches of Super Sunny Southern San Clemente, California USA
Distribution: Slackware - duh!
Posts: 520
Blog Entries: 3

Rep: Reputation: 112Reputation: 112
Thumbs down Definately NOT kewl!

Well, an iLO for a laptop is a nice idea...

But to distribute machines to consumers with these ports open is grossly negligent, IMNSHO.

And to not even tell the consumer at all? Wow.

That's just wrong as windows raining down.

I'm all for IPMI implementations, but this is just completely irresponsible.

What makes it even worse, is that this thread is at the top of the google hits - meaning, there's a whole world of people running this model machine just waiting for a 0day whackattack, because no one knows they're potentially vulnerable.

Next we'll be hearing that these machines have a factory default set of credentials enabled on the listening ports.

Finally, it's definately NOT kewl for a manufacturer to so prominently use low port numbers for such things - without first registering those ports.

Kudos to the OP for scanning his own box

Kindest regards,

.
 
Old 11-07-2013, 04:36 PM   #14
cnd
LQ Newbie
 
Registered: May 2005
Posts: 8

Rep: Reputation: 0
Exclamation IPMI/RMCP login by Administrator

Hi All,

It is critical you close this port. Multiple exploits allowing anyone access are now circulating in the wild.

Log in to your iLo interface, go to your Administration Tab, find the "Access Settings" menu, and un-check the box alongside "Enable IPMI/DCMI over LAN on Port 623" and click "Apply".

Here is the short story: "IPMI: Express Train to Hell, v2.0" http://fish2.com/ipmi/itrain-gz.html

And here - the full details: http://fish2.com/ipmi/itrain.pdf
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
port 25 filtered despite firewall having port 25 open ille.pugil42 Linux - Security 8 03-09-2007 12:51 AM
best port scanner To scan open port in a network tanveer Linux - Security 8 01-21-2007 08:19 PM
cannot SFTP to SUSE 9.2 box, port 22 open, can putty in though using same port. jgrady Linux - Networking 6 03-29-2005 08:44 AM
modem adsl zxyel p-623 me, driver? william777 Linux - Hardware 0 01-19-2005 10:21 AM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 12:16 PM


All times are GMT -5. The time now is 03:19 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration