Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   Why s port 111 still open? (http://www.linux-archive.org/debian-user/569419-why-s-port-111-still-open.html)

Lisi 08-29-2011 09:38 AM

Why s port 111 still open?
 
I was under the impression that I had cleansed my system of rpcbind after the
security discussion on this list. Today, because I was trying to remove
Samba, I ran nmap to see what was going on. Here is the "conversation" I had
with Tux just now:

<quote>
lisi@Tux:~$ nmap Tux

Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST
Interesting ports on Tux (192.168.0.2):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
6881/tcp open bittorrent-tracker

Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds
lisi@Tux:~$ which rpcbind
lisi@Tux:~$ whereis rpcbind
rpcbind:
lisi@Tux:~$ locate rpcbind
lisi@Tux:~$ find rpcbind
find: `rpcbind': No such file or directory
lisi@Tux:~$
</quote>

Do I need to do anything about it, or should I just take no notice?

Thanks,
Lisi


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201108291038.39979.lisi.reisz@gmail.com">http://lists.debian.org/201108291038.39979.lisi.reisz@gmail.com

Scott Ferguson 08-29-2011 10:00 AM

Why s port 111 still open?
 
On 29/08/11 19:38, Lisi wrote:

I was under the impression that I had cleansed my system of rpcbind after the
security discussion on this list. Today, because I was trying to remove
Samba, I ran nmap to see what was going on. Here is the "conversation" I had
with Tux just now:

<quote>
lisi@Tux:~$ nmap Tux

Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST
Interesting ports on Tux (192.168.0.2):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
6881/tcp open bittorrent-tracker

Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds
lisi@Tux:~$ which rpcbind
lisi@Tux:~$ whereis rpcbind
rpcbind:
lisi@Tux:~$ locate rpcbind
lisi@Tux:~$ find rpcbind
find: `rpcbind': No such file or directory
lisi@Tux:~$
</quote>

Do I need to do anything about it, or should I just take no notice?

Thanks,
Lisi




=======Copy of what I just posted to Yuri query=========

Probably portmap...

See if it's installed
$ dpkg --get-selections portmap

If it is, and it bothers you, it can be removed - check and see if
anything uses it:-

# apt-get -s remove portmap | less

If it's the only package to be removed:-
# apt-get --purge remove portmap

Check your port:-
$ netstat -an | grep 111

SUN RPC is another protocol that uses that port.

Cheers

--
"I've got a bathtub and an imagination, I'm staying indoors this summer.
That way I can listen to music that I like."
— Bill Hicks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4E5B6332.2000201@gmail.com">http://lists.debian.org/4E5B6332.2000201@gmail.com

Scott Ferguson 08-29-2011 10:00 AM

Why s port 111 still open?
 
On 29/08/11 19:38, Lisi wrote:

I was under the impression that I had cleansed my system of rpcbind after the
security discussion on this list. Today, because I was trying to remove
Samba, I ran nmap to see what was going on. Here is the "conversation" I had
with Tux just now:

<quote>
lisi@Tux:~$ nmap Tux

Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST
Interesting ports on Tux (192.168.0.2):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
6881/tcp open bittorrent-tracker

Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds
lisi@Tux:~$ which rpcbind
lisi@Tux:~$ whereis rpcbind
rpcbind:
lisi@Tux:~$ locate rpcbind
lisi@Tux:~$ find rpcbind
find: `rpcbind': No such file or directory
lisi@Tux:~$
</quote>

Do I need to do anything about it, or should I just take no notice?

Thanks,
Lisi




=======Copy of what I just posted to Yuri query=========

Probably portmap...

See if it's installed
$ dpkg --get-selections portmap

If it is, and it bothers you, it can be removed - check and see if
anything uses it:-

# apt-get -s remove portmap | less

If it's the only package to be removed:-
# apt-get --purge remove portmap

Check your port:-
$ netstat -an | grep 111

SUN RPC is another protocol that uses that port.

Cheers

--
"I've got a bathtub and an imagination, I'm staying indoors this summer.
That way I can listen to music that I like."
— Bill Hicks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4E5B634D.2040401@gmail.com">http://lists.debian.org/4E5B634D.2040401@gmail.com

Jochen Spieker 08-29-2011 10:18 AM

Why s port 111 still open?
 
Lisi:
>
> <quote>
> lisi@Tux:~$ nmap Tux
>
> Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST
> Interesting ports on Tux (192.168.0.2):
> Not shown: 1711 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 80/tcp open http
> 111/tcp open rpcbind
> 6881/tcp open bittorrent-tracker
>
> Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds
> lisi@Tux:~$ which rpcbind

JFTR: just because nmap calls the program using this port "rpcbind",
that doesn't mean you have a program or package on your system with that
exact name.

What I would do, if I wanted to get rid of the program using port 59446
on my system (and didn't know which program it is):

# netstat -tlpn | grep 59446
tcp 0 0 0.0.0.0:59446 0.0.0.0:* LISTEN 4586/rpc.mountd

# which rpc.mountd
/usr/sbin/rpc.mountd

# dpkg -S /usr/sbin/rpc.mountd
nfs-kernel-server: /usr/sbin/rpc.mountd

# aptitude why nfs-kernel-server
Unable to find a reason to install nfs-kernel-server.

# apt-get remove nfs-kernel-server

> lisi@Tux:~$ find rpcbind
> find: `rpcbind': No such file or directory

This command doesn't do what you expect. It prints all files found in
the directory "rcpbind" in your current working directory. Since no such
directory exists, find exits with the error message above.

J.
--
I am on the payroll of a company to whom I owe my undying gratitude.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>

Lisi 08-29-2011 11:21 AM

Why s port 111 still open?
 
On Monday 29 August 2011 11:00:18 Scott Ferguson wrote:
> =======Copy of what I just posted to Yuri query=========

Thanks Scott and sorry. That email landed on my box after I had sent my
query.

Lisi


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201108291221.28586.lisi.reisz@gmail.com">http://lists.debian.org/201108291221.28586.lisi.reisz@gmail.com

Ivan Shmakov 08-29-2011 12:23 PM

Why s port 111 still open?
 
>>>>> Jochen Spieker <ml@well-adjusted.de> writes:
>>>>> Lisi:

[…]

>> lisi@Tux:~$ find rpcbind
>> find: `rpcbind': No such file or directory

> This command doesn't do what you expect. It prints all files found
> in the directory "rcpbind" in your current working directory. Since
> no such directory exists, find exits with the error message above.

I guess that $ dpkg -S rpcbind ; would be more appropriate.

--
FSF associate member #7257 Coming soon: Software Freedom Day
http://mail.sf-day.org/lists/listinfo/ planning-ru (ru), sfd-discuss (en)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 86vctgflt5.fsf@gray.siamics.net">http://lists.debian.org/86vctgflt5.fsf@gray.siamics.net

Tom H 08-29-2011 12:29 PM

Why s port 111 still open?
 
On Mon, Aug 29, 2011 at 5:38 AM, Lisi <lisi.reisz@gmail.com> wrote:
>
> I was under the impression that I had cleansed my system of rpcbind after the
> security discussion on this list. *Today, because I was trying to remove
> Samba, I ran nmap to see what was going on. *Here is the "conversation" I had
> with Tux just now:
>
> lisi@Tux:~$ nmap Tux
> Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST
> Interesting ports on Tux (192.168.0.2):
> Not shown: 1711 closed ports
> PORT * * STATE SERVICE
> 22/tcp * open *ssh
> 80/tcp * open *http
> 111/tcp *open *rpcbind
> 6881/tcp open *bittorrent-tracker
>
> Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds
> lisi@Tux:~$ which rpcbind
> lisi@Tux:~$ whereis rpcbind
> rpcbind:
> lisi@Tux:~$ locate rpcbind
> lisi@Tux:~$ find rpcbind
> find: `rpcbind': No such file or directory
> lisi@Tux:~$

CHeck whether the rpcbind or the portmap packages are installed.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAOdo=Sy-CMkh2yRLJSo_zQUf===hpsYCMFXqO8hK14sqz92bCA@mail.gm ail.com">http://lists.debian.org/CAOdo=Sy-CMkh2yRLJSo_zQUf===hpsYCMFXqO8hK14sqz92bCA@mail.gm ail.com

shawn wilson 08-29-2011 02:29 PM

Why s port 111 still open?
 
Your issue seems to be resolved. However, I'd prefer to teach a man to fish.... As it were, lsof -i :111 should show you the pid of what is on that port. From there, ps and then look through logs or 'find /etc/unit.d -type f -print0 | xargs -0 -i{} grep <p name> {}' sometimes works. But if you don't see am unit service, chances are its tcp wrapper / portmap. FWIW


On Aug 29, 2011 8:30 AM, "Tom H" <tomh0665@gmail.com> wrote:> On Mon, Aug 29, 2011 at 5:38 AM, Lisi <lisi.reisz@gmail.com> wrote:

>>
>> I was under the impression that I had cleansed my system of rpcbind after the
>> security discussion on this list. *Today, because I was trying to remove
>> Samba, I ran nmap to see what was going on. *Here is the "conversation" I had

>> with Tux just now:
>>
>> lisi@Tux:~$ nmap Tux
>> Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST
>> Interesting ports on Tux (192.168.0.2):

>> Not shown: 1711 closed ports
>> PORT * * STATE SERVICE
>> 22/tcp * open *ssh
>> 80/tcp * open *http
>> 111/tcp *open *rpcbind
>> 6881/tcp open *bittorrent-tracker
>>

>> Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds
>> lisi@Tux:~$ which rpcbind
>> lisi@Tux:~$ whereis rpcbind
>> rpcbind:
>> lisi@Tux:~$ locate rpcbind
>> lisi@Tux:~$ find rpcbind

>> find: `rpcbind': No such file or directory
>> lisi@Tux:~$
>
> CHeck whether the rpcbind or the portmap packages are installed.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org

> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/CAOdoSy-CMkh2yRLJSo_zQUfhpsYCMFXqO8hK14sqz92bCA@mail.gmail .com

>

Lisi 08-29-2011 03:54 PM

Why s port 111 still open?
 
On Monday 29 August 2011 13:29:49 Tom H wrote:
> On Mon, Aug 29, 2011 at 5:38 AM, Lisi <lisi.reisz@gmail.com> wrote:
> > I was under the impression that I had cleansed my system of rpcbind after
> > the security discussion on this list. *Today, because I was trying to
> > remove Samba, I ran nmap to see what was going on. *Here is the
> > "conversation" I had with Tux just now:
> >
> > lisi@Tux:~$ nmap Tux
> > Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST
> > Interesting ports on Tux (192.168.0.2):
> > Not shown: 1711 closed ports
> > PORT * * STATE SERVICE
> > 22/tcp * open *ssh
> > 80/tcp * open *http
> > 111/tcp *open *rpcbind
> > 6881/tcp open *bittorrent-tracker
> >
> > Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds
> > lisi@Tux:~$ which rpcbind
> > lisi@Tux:~$ whereis rpcbind
> > rpcbind:
> > lisi@Tux:~$ locate rpcbind
> > lisi@Tux:~$ find rpcbind
> > find: `rpcbind': No such file or directory
> > lisi@Tux:~$
>
> CHeck whether the rpcbind or the portmap packages are installed.

I have portmap, but not rpcbind. Would that explain why that port is open? I
seem to have nothing left of rpcbind and its configuration/data files etc.

The other three are open fpr identifiable (by me) reasons. But why is that
rpcbind one still open? The computer has been completely shutdown between
wehn I removed rpcbind and now.

Lisi


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201108291654.05684.lisi.reisz@gmail.com">http://lists.debian.org/201108291654.05684.lisi.reisz@gmail.com

Lisi 08-29-2011 04:02 PM

Why s port 111 still open?
 
On Monday 29 August 2011 15:29:41 shawn wilson wrote:
> Your issue seems to be resolved. However, I'd prefer to teach a man to
> fish.... As it were, lsof -i :111 should show you the pid of what is on
> that port. From there, ps and then look through logs or 'find /etc/unit.d
> -type f -print0 | xargs -0 -i{} grep <p name> {}' sometimes works. But if
> you don't see am unit service, chances are its tcp wrapper / portmap. FWIW

Thanks for that.

So the fact that nmap says that 111 is open for rpcbind does not mean that it
is open for rpcbind??

And for what it is worth:

lisi@Tux:~$ lsof -i :111
lisi@Tux:~$

!!

But it is open....

So the conclusion that it is portmap is where this method leads too?!

If I live to the age of 100, I shall still barely have scratched the surface
of Debian and Linux.

Lisi




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201108291702.36897.lisi.reisz@gmail.com">http://lists.debian.org/201108291702.36897.lisi.reisz@gmail.com


All times are GMT. The time now is 11:48 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.