Why s port 111 still open?
I was under the impression that I had cleansed my system of rpcbind after the
security discussion on this list. Today, because I was trying to remove Samba, I ran nmap to see what was going on. Here is the "conversation" I had with Tux just now: <quote> lisi@Tux:~$ nmap Tux Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST Interesting ports on Tux (192.168.0.2): Not shown: 1711 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 6881/tcp open bittorrent-tracker Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds lisi@Tux:~$ which rpcbind lisi@Tux:~$ whereis rpcbind rpcbind: lisi@Tux:~$ locate rpcbind lisi@Tux:~$ find rpcbind find: `rpcbind': No such file or directory lisi@Tux:~$ </quote> Do I need to do anything about it, or should I just take no notice? Thanks, Lisi -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 201108291038.39979.lisi.reisz@gmail.com">http://lists.debian.org/201108291038.39979.lisi.reisz@gmail.com |
Why s port 111 still open?
On 29/08/11 19:38, Lisi wrote:
I was under the impression that I had cleansed my system of rpcbind after the security discussion on this list. Today, because I was trying to remove Samba, I ran nmap to see what was going on. Here is the "conversation" I had with Tux just now: <quote> lisi@Tux:~$ nmap Tux Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST Interesting ports on Tux (192.168.0.2): Not shown: 1711 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 6881/tcp open bittorrent-tracker Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds lisi@Tux:~$ which rpcbind lisi@Tux:~$ whereis rpcbind rpcbind: lisi@Tux:~$ locate rpcbind lisi@Tux:~$ find rpcbind find: `rpcbind': No such file or directory lisi@Tux:~$ </quote> Do I need to do anything about it, or should I just take no notice? Thanks, Lisi =======Copy of what I just posted to Yuri query========= Probably portmap... See if it's installed $ dpkg --get-selections portmap If it is, and it bothers you, it can be removed - check and see if anything uses it:- # apt-get -s remove portmap | less If it's the only package to be removed:- # apt-get --purge remove portmap Check your port:- $ netstat -an | grep 111 SUN RPC is another protocol that uses that port. Cheers -- "I've got a bathtub and an imagination, I'm staying indoors this summer. That way I can listen to music that I like." — Bill Hicks -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4E5B6332.2000201@gmail.com">http://lists.debian.org/4E5B6332.2000201@gmail.com |
Why s port 111 still open?
On 29/08/11 19:38, Lisi wrote:
I was under the impression that I had cleansed my system of rpcbind after the security discussion on this list. Today, because I was trying to remove Samba, I ran nmap to see what was going on. Here is the "conversation" I had with Tux just now: <quote> lisi@Tux:~$ nmap Tux Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST Interesting ports on Tux (192.168.0.2): Not shown: 1711 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 6881/tcp open bittorrent-tracker Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds lisi@Tux:~$ which rpcbind lisi@Tux:~$ whereis rpcbind rpcbind: lisi@Tux:~$ locate rpcbind lisi@Tux:~$ find rpcbind find: `rpcbind': No such file or directory lisi@Tux:~$ </quote> Do I need to do anything about it, or should I just take no notice? Thanks, Lisi =======Copy of what I just posted to Yuri query========= Probably portmap... See if it's installed $ dpkg --get-selections portmap If it is, and it bothers you, it can be removed - check and see if anything uses it:- # apt-get -s remove portmap | less If it's the only package to be removed:- # apt-get --purge remove portmap Check your port:- $ netstat -an | grep 111 SUN RPC is another protocol that uses that port. Cheers -- "I've got a bathtub and an imagination, I'm staying indoors this summer. That way I can listen to music that I like." — Bill Hicks -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4E5B634D.2040401@gmail.com">http://lists.debian.org/4E5B634D.2040401@gmail.com |
Why s port 111 still open?
Lisi:
> > <quote> > lisi@Tux:~$ nmap Tux > > Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST > Interesting ports on Tux (192.168.0.2): > Not shown: 1711 closed ports > PORT STATE SERVICE > 22/tcp open ssh > 80/tcp open http > 111/tcp open rpcbind > 6881/tcp open bittorrent-tracker > > Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds > lisi@Tux:~$ which rpcbind JFTR: just because nmap calls the program using this port "rpcbind", that doesn't mean you have a program or package on your system with that exact name. What I would do, if I wanted to get rid of the program using port 59446 on my system (and didn't know which program it is): # netstat -tlpn | grep 59446 tcp 0 0 0.0.0.0:59446 0.0.0.0:* LISTEN 4586/rpc.mountd # which rpc.mountd /usr/sbin/rpc.mountd # dpkg -S /usr/sbin/rpc.mountd nfs-kernel-server: /usr/sbin/rpc.mountd # aptitude why nfs-kernel-server Unable to find a reason to install nfs-kernel-server. # apt-get remove nfs-kernel-server > lisi@Tux:~$ find rpcbind > find: `rpcbind': No such file or directory This command doesn't do what you expect. It prints all files found in the directory "rcpbind" in your current working directory. Since no such directory exists, find exits with the error message above. J. -- I am on the payroll of a company to whom I owe my undying gratitude. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html> |
Why s port 111 still open?
On Monday 29 August 2011 11:00:18 Scott Ferguson wrote:
> =======Copy of what I just posted to Yuri query========= Thanks Scott and sorry. That email landed on my box after I had sent my query. Lisi -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 201108291221.28586.lisi.reisz@gmail.com">http://lists.debian.org/201108291221.28586.lisi.reisz@gmail.com |
Why s port 111 still open?
>>>>> Jochen Spieker <ml@well-adjusted.de> writes:
>>>>> Lisi: […] >> lisi@Tux:~$ find rpcbind >> find: `rpcbind': No such file or directory > This command doesn't do what you expect. It prints all files found > in the directory "rcpbind" in your current working directory. Since > no such directory exists, find exits with the error message above. I guess that $ dpkg -S rpcbind ; would be more appropriate. -- FSF associate member #7257 Coming soon: Software Freedom Day http://mail.sf-day.org/lists/listinfo/ planning-ru (ru), sfd-discuss (en) -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 86vctgflt5.fsf@gray.siamics.net">http://lists.debian.org/86vctgflt5.fsf@gray.siamics.net |
Why s port 111 still open?
On Mon, Aug 29, 2011 at 5:38 AM, Lisi <lisi.reisz@gmail.com> wrote:
> > I was under the impression that I had cleansed my system of rpcbind after the > security discussion on this list. *Today, because I was trying to remove > Samba, I ran nmap to see what was going on. *Here is the "conversation" I had > with Tux just now: > > lisi@Tux:~$ nmap Tux > Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST > Interesting ports on Tux (192.168.0.2): > Not shown: 1711 closed ports > PORT * * STATE SERVICE > 22/tcp * open *ssh > 80/tcp * open *http > 111/tcp *open *rpcbind > 6881/tcp open *bittorrent-tracker > > Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds > lisi@Tux:~$ which rpcbind > lisi@Tux:~$ whereis rpcbind > rpcbind: > lisi@Tux:~$ locate rpcbind > lisi@Tux:~$ find rpcbind > find: `rpcbind': No such file or directory > lisi@Tux:~$ CHeck whether the rpcbind or the portmap packages are installed. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: CAOdo=Sy-CMkh2yRLJSo_zQUf===hpsYCMFXqO8hK14sqz92bCA@mail.gm ail.com">http://lists.debian.org/CAOdo=Sy-CMkh2yRLJSo_zQUf===hpsYCMFXqO8hK14sqz92bCA@mail.gm ail.com |
Why s port 111 still open?
Your issue seems to be resolved. However, I'd prefer to teach a man to fish.... As it were, lsof -i :111 should show you the pid of what is on that port. From there, ps and then look through logs or 'find /etc/unit.d -type f -print0 | xargs -0 -i{} grep <p name> {}' sometimes works. But if you don't see am unit service, chances are its tcp wrapper / portmap. FWIW
On Aug 29, 2011 8:30 AM, "Tom H" <tomh0665@gmail.com> wrote:> On Mon, Aug 29, 2011 at 5:38 AM, Lisi <lisi.reisz@gmail.com> wrote: >> >> I was under the impression that I had cleansed my system of rpcbind after the >> security discussion on this list. *Today, because I was trying to remove >> Samba, I ran nmap to see what was going on. *Here is the "conversation" I had >> with Tux just now: >> >> lisi@Tux:~$ nmap Tux >> Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST >> Interesting ports on Tux (192.168.0.2): >> Not shown: 1711 closed ports >> PORT * * STATE SERVICE >> 22/tcp * open *ssh >> 80/tcp * open *http >> 111/tcp *open *rpcbind >> 6881/tcp open *bittorrent-tracker >> >> Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds >> lisi@Tux:~$ which rpcbind >> lisi@Tux:~$ whereis rpcbind >> rpcbind: >> lisi@Tux:~$ locate rpcbind >> lisi@Tux:~$ find rpcbind >> find: `rpcbind': No such file or directory >> lisi@Tux:~$ > > CHeck whether the rpcbind or the portmap packages are installed. > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > Archive: http://lists.debian.org/CAOdoSy-CMkh2yRLJSo_zQUfhpsYCMFXqO8hK14sqz92bCA@mail.gmail .com > |
Why s port 111 still open?
On Monday 29 August 2011 13:29:49 Tom H wrote:
> On Mon, Aug 29, 2011 at 5:38 AM, Lisi <lisi.reisz@gmail.com> wrote: > > I was under the impression that I had cleansed my system of rpcbind after > > the security discussion on this list. *Today, because I was trying to > > remove Samba, I ran nmap to see what was going on. *Here is the > > "conversation" I had with Tux just now: > > > > lisi@Tux:~$ nmap Tux > > Starting Nmap 4.62 ( http://nmap.org ) at 2011-08-29 10:31 BST > > Interesting ports on Tux (192.168.0.2): > > Not shown: 1711 closed ports > > PORT * * STATE SERVICE > > 22/tcp * open *ssh > > 80/tcp * open *http > > 111/tcp *open *rpcbind > > 6881/tcp open *bittorrent-tracker > > > > Nmap done: 1 IP address (1 host up) scanned in 0.126 seconds > > lisi@Tux:~$ which rpcbind > > lisi@Tux:~$ whereis rpcbind > > rpcbind: > > lisi@Tux:~$ locate rpcbind > > lisi@Tux:~$ find rpcbind > > find: `rpcbind': No such file or directory > > lisi@Tux:~$ > > CHeck whether the rpcbind or the portmap packages are installed. I have portmap, but not rpcbind. Would that explain why that port is open? I seem to have nothing left of rpcbind and its configuration/data files etc. The other three are open fpr identifiable (by me) reasons. But why is that rpcbind one still open? The computer has been completely shutdown between wehn I removed rpcbind and now. Lisi -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 201108291654.05684.lisi.reisz@gmail.com">http://lists.debian.org/201108291654.05684.lisi.reisz@gmail.com |
Why s port 111 still open?
On Monday 29 August 2011 15:29:41 shawn wilson wrote:
> Your issue seems to be resolved. However, I'd prefer to teach a man to > fish.... As it were, lsof -i :111 should show you the pid of what is on > that port. From there, ps and then look through logs or 'find /etc/unit.d > -type f -print0 | xargs -0 -i{} grep <p name> {}' sometimes works. But if > you don't see am unit service, chances are its tcp wrapper / portmap. FWIW Thanks for that. So the fact that nmap says that 111 is open for rpcbind does not mean that it is open for rpcbind?? And for what it is worth: lisi@Tux:~$ lsof -i :111 lisi@Tux:~$ !! But it is open.... So the conclusion that it is portmap is where this method leads too?! If I live to the age of 100, I shall still barely have scratched the surface of Debian and Linux. Lisi -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 201108291702.36897.lisi.reisz@gmail.com">http://lists.debian.org/201108291702.36897.lisi.reisz@gmail.com |
| All times are GMT. The time now is 10:41 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.