Consider this:

    $ sudo lsof -ni |grep named
    named 3267 root 4u IPv4 512 UDP *:32770
    named 3267 root 20u IPv4 508 UDP 127.0.0.1:domain
    named 3267 root 21u IPv4 509 TCP 127.0.0.1:domain (LISTEN)
    named 3267 root 22u IPv4 510 UDP 192.168.44.1:domain
    named 3267 root 23u IPv4 511 TCP 192.168.44.1:domain (LISTEN)
    $ netstat -an |grep 32770
    udp 0 0 0.0.0.0:32770 0.0.0.0:*
    $ md5sum /usr/sbin/named
    efc9eca0b14ada08aed5d666991bb829 /usr/sbin/named
    $ dpkg --status bind |grep ^Version
    Version: 1:8.3.3-0.woody.1

Is the first open port reasonable? I wonder why named is listening on UDP port 32770 which, after a brief google search, comes up as a port usually used by Solaris' rpcbind (which used to be vulnerable).

Restarting the named server, however, leads to a new port being open (in a new socket):

    $ sudo /etc/init.d/bind stop; sudo /etc/init.d/bind start
    Stopping domain name service: named.
    Starting domain name service: named.
    jfs@avalon:~$ sudo lsof -ni |grep named |grep UDP
    named 25788 root 4u IPv4 3732233 UDP *:32985

Any ideas on why there is a single UDP port open? My configuration is pretty simple, no controls configured for the name server and a 'listen-on port 53' statement in the config file....

Suggestions on why this happens and how to prevent it?

Please do not tell me to firewall the port, I know how to do that already.

Regards

Javi