[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Port Scan for UDP

tony mancill, 2001-Oct-20 21:22 -0700:
> On Sat, 20 Oct 2001, Marc Wilson wrote:
> > On Sat, Oct 20, 2001 at 07:18:25PM -0700, Jeff Coppock wrote:
> > > Just for grins, I removed every udp listing in
> > > /etc/services and restarted inetd and the scan came back the
> > > same.  I figure this is normal, but if someone can confirm this
> > > behaviour, I'd really appreciate it.
> > 
> > Adding or removing lines in /etc/services doesn't open or close ports...
> > this is a common misconception.  Removing what's listening on a particular
> > port is what closes that port.
> A good way to find out what process is listening on a port is to load the
> lsof package and use "lsof -i" (as root so that you'll see everything).

Hmmm, so I was under that misconception.

I've started looking into what processes own these 'open' ports
and using lsof -i I'm not seeing processes owning these ports. 
It's listing port numbers for protocols I've never heard of, let
alone would use.  Like 1356:cuillamartin, 2024:CAIlic and a
bunch way up high.  I know I'm not running these apps, but I
haven't checked them all yet, although there are hundreds listed.

I'm wondering if my portscan was not right:

nmap -sU -P0 <host>


Jeff Coppock		Nortel Networks
Systems Engineer	http://nortelnetworks.com

Reply to: