On Wed, 14 Jul 2010 21:47:57 +0200 pch0317 <firstname.lastname@example.org> wrote:
> I install new server with Debian stable (base system only with ssh
> and bind).
> I scan port with:
> nmap -sS -sU -T4 -A -v -PE newserver
> and get that few port with number 40000 and higher are
> open|filtered. When I scan newserver again I get other few udp port
> open (differnt number of port).
> When I use lsof -i or netstat in this newserver I get only named
> and sshd work in 22 and 53 TCP and UDP port and exim work on
> localhost 25 port. No high open udp port are discovered.
> Why nmap show this temporarily open high port.
> What can I do?
First, you can stop using nmap to do what you can do with
netstat -A inet -a
There is, after all, no need to port scan your own computer when you
can just ask it what it is doing. The ports might only be open for a
moment, but nmap has no special ability to catch such things.
Second, named is doubtless opening ports here and there to send out
and get replies to recursive queries. You could, of course, stop
having DNS service if this bothers you, though I wouldn't recommend
it. Other apps on your machine may also be opening UDP ports here and
there -- just lsof repeatedly to catch them.
Perry E. Metzger email@example.com
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
Archive: email@example.com ">http://firstname.lastname@example.org