Re: something on port 98?

To: "Noah L. Meyerhans" <frodo@morgul.net>
Cc: debian-security@lists.debian.org
Subject: Re: something on port 98?
From: Bradley M Alexander <storm@tux.org>
Date: Fri, 13 Oct 2000 13:48:23 -0400
Message-id: <[🔎] 20001013134823.C2041@sonsofthunder.yi.org>
In-reply-to: <[🔎] 20001013133700.B30971@morgul.net>; from frodo@morgul.net on Fri, Oct 13, 2000 at 01:37:01PM -0400
References: <[🔎] 20001013133700.B30971@morgul.net>

On Fri, Oct 13, 2000 at 01:37:01PM -0400, Noah L. Meyerhans wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hey all.  I'm seeing odd results when I portscan my server from a remote
> host.  nmap is indicating that port 98 (the dreaded linuxconf port) is
> in a filtered state.  I have never ever ever installed linuxconf.  I
> know my ipchains rules have nothing to do with this, as I just flushed
> all the rules, tried the portscan again, and saw the same results.
> 
> fuser does not show any process listening on port 98.  I built a new
> fuser executable from trusted source (the Debian potato sources, freshly
> downloaded) and still saw nothing on that port.

Have you tried looking with lsof? lsof -i tcp:98 or lsof -i udp:98 should
work.

> telnetting to that port from a remote host hangs while trying to
> establish the connection.  telnetting from the localhost gives a
> connection refused message.

Of course, filtered isn't necessarily a bad thing. From the nmap man page:

   Filtered  means  that a firewall, filter, or other network obstacle 
   is covering the port and preventing  nmap from  determining  whether
   the  port is open.

Are you running IPchains that is specifically blocking port 98? That would
make sense for an IPchains firewall to block port 98 out of the box since
you wouldn't want linuxconf access to the Internet at large. Getting a
connection refused is okay too from localhost:

   [storm@defiant storm]$ telnet localhost 98
   Trying 127.0.0.1...
   telnet: Unable to connect to remote host: Connection refused

I do not have linuxconf installed on this box. Probably just your ipchains
keeping nmap from checking a closed port.

-- 
--Brad
============================================================================
Bradley M. Alexander, CISSP              |   Co-Chairman,
Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
Winstar Telecom                          |   balexander@winstar.com
(703) 889-1049                           |   storm@tux.org
============================================================================
Professional soldiers are predictable, but the world is full of amateurs.
						--Murphy's Laws of Combat

Attachment: pgpGGCLCW9_og.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: something on port 98?
  - From: Zak Kipling <zk201@cam.ac.uk>

References:
- something on port 98?
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

Prev by Date: something on port 98?
Next by Date: Re: something on port 98?
Previous by thread: something on port 98?
Next by thread: Re: something on port 98?
Index(es):
- Date
- Thread