FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-14-2010, 07:47 PM
pch0317
 
Default High udp port are open temporarily

Hi

I install new server with Debian stable (base system only with ssh and
bind).

I scan port with:
nmap -sS -sU -T4 -A -v -PE newserver
and get that few port with number 40000 and higher are open|filtered.
When I scan newserver again I get other few udp port open (differnt
number of port).


When I use lsof -i or netstat in this newserver I get only named and
sshd work in 22 and 53 TCP and UDP port and exim work on localhost 25
port. No high open udp port are discovered.


Why nmap show this temporarily open high port.
What can I do?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4C3E146D.8040006@gmail.com">http://lists.debian.org/4C3E146D.8040006@gmail.com
 
Old 07-15-2010, 01:46 PM
"Perry E. Metzger"
 
Default High udp port are open temporarily

On Wed, 14 Jul 2010 21:47:57 +0200 pch0317 <pch0317@gmail.com> wrote:
> Hi
>
> I install new server with Debian stable (base system only with ssh
> and bind).
> I scan port with:
> nmap -sS -sU -T4 -A -v -PE newserver
> and get that few port with number 40000 and higher are
> open|filtered. When I scan newserver again I get other few udp port
> open (differnt number of port).
>
> When I use lsof -i or netstat in this newserver I get only named
> and sshd work in 22 and 53 TCP and UDP port and exim work on
> localhost 25 port. No high open udp port are discovered.
>
> Why nmap show this temporarily open high port.
> What can I do?

First, you can stop using nmap to do what you can do with

netstat -A inet -a

There is, after all, no need to port scan your own computer when you
can just ask it what it is doing. The ports might only be open for a
moment, but nmap has no special ability to catch such things.

Second, named is doubtless opening ports here and there to send out
and get replies to recursive queries. You could, of course, stop
having DNS service if this bothers you, though I wouldn't recommend
it. Other apps on your machine may also be opening UDP ports here and
there -- just lsof repeatedly to catch them.

--
Perry E. Metzger perry@piermont.com


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100715094601.6d9aaab7@jabberwock.cb.piermont.com ">http://lists.debian.org/20100715094601.6d9aaab7@jabberwock.cb.piermont.com
 
Old 07-15-2010, 07:14 PM
Andrei Popescu
 
Default High udp port are open temporarily

On Mi, 14 iul 10, 21:47:57, pch0317 wrote:
> Hi
>
> I install new server with Debian stable (base system only with ssh
> and bind).
> I scan port with:
> nmap -sS -sU -T4 -A -v -PE newserver
> and get that few port with number 40000 and higher are open|filtered.
> When I scan newserver again I get other few udp port open (differnt
> number of port).
>
> When I use lsof -i or netstat in this newserver I get only named and
> sshd work in 22 and 53 TCP and UDP port and exim work on localhost
> 25 port. No high open udp port are discovered.
>
> Why nmap show this temporarily open high port.
> What can I do?

Are you scanning from the same computer? Try scanning from a remote
host.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 

Thread Tools




All times are GMT. The time now is 07:46 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org