LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-27-2005, 04:29 AM   #1
frgtn
LQ Newbie
 
Registered: Mar 2005
Location: Kaunas, Lithuania
Distribution: Slackware 10.1
Posts: 28

Rep: Reputation: 15
Question udp port 1024


Hello!

this is my first post and i'm quite desperate for help. I've considered posting this in networking section, but it looks more security related to me. It's a while since i'm trying to figure out what is udp port 1024. No help from google here as well
Doing fuser shows it's named:
root@gw:~# fuser -v 1024/udp

USER PID ACCESS COMMAND
1024/udp root 182 f.... named

This port is open on all network interfaces (0.0.0.0) despite the fact that named is configured to run only on one inerface. I've tried looking in bind documentation, but found nothing as of yet. I also get lot's of connections to that port from variuos ips, typicaly 2-3 packets from one ip, all ips i've checked were from US, one was from NASA networks . I've blocked the port for now. If anyone has info, please help.

P.S. happy Easter!!!

Yours, frgtn
 
Old 03-27-2005, 06:06 AM   #2
jonavogt
LQ Newbie
 
Registered: Apr 2004
Location: Germany
Distribution: SUSE 9.2 Pro | Gentoo | Fli4l
Posts: 16

Rep: Reputation: 0
Quote:
Originally from here
Another weakness of the existing filtering is the inability to define a filter for a range of port numbers. As I mentioned earlier, DNS queries are returned to the client via a UDP datagram sent to a port number between 1024 and 5000. Given the current filtering capabilities, a Windows NT-based router would have to allow all UDP packets through (very bad) or explicitly allow UDP 1024, UDP 1025, UDP 1026, all the way through UDP 5000. In contrast, Cisco routers can be configured to allow this traffic through with a command as simple as IP ACCESS-LIST ALLOW UDP ANY PORT GT 1023.
You seem to be right about named... I personally think blocking it wont harm anybody unless you run a public dns server Correct me if I'm wrong

Cheers Jonathan
 
Old 03-27-2005, 07:10 AM   #3
frgtn
LQ Newbie
 
Registered: Mar 2005
Location: Kaunas, Lithuania
Distribution: Slackware 10.1
Posts: 28

Original Poster
Rep: Reputation: 15
Thanks for your reply, Jonathan.
Well i don't think it's bad to block that port too, but the thing that concerns me is the purpose of it. My guesses are that it might be used for transferring stuff like zones or something over different dns servers, but i don't know. I've never configured bind before, so i'm beginning to think i've missed something.

Yours, frgnt
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
telneting to a udp port. juanb Linux - Security 3 03-06-2013 01:30 PM
UDP port 5353 WannaLearnLinux Linux - Security 17 05-05-2011 01:26 PM
using port number below 1024 eshwar_ind Linux - Networking 2 07-01-2005 04:58 AM
closing port 68/udp? antik Linux - Security 1 09-26-2003 12:26 PM
services with port < 1024 markus1982 Linux - Security 11 01-27-2003 01:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration