[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Welchsender, offener Port ohne Programm

Hallo Liste!

Habe heute meine Rechner mal nach offenen Ports gescanned und bin auf 
folgendes gestossen (Single-User Modus, Phänomen auch auf anderen Interfaces 
als lo):

Script started on Sun Nov 25 22:53:21 2007
nike:~# nmap localhost -p 1- -sS -sU

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:53 CET
Interesting ports on localhost (127.0.0.1):
Not shown: 131069 closed ports
PORT      STATE SERVICE
33731/udp open  unknown

Nmap finished: 1 IP address (1 host up) scanned in 7.309 seconds
nike:~# nmap localhost -p 1- -sS -sU

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
Interesting ports on localhost (127.0.0.1):
Not shown: 131069 closed ports
PORT      STATE SERVICE
57368/udp open  unknown

Nmap finished: 1 IP address (1 host up) scanned in 7.210 seconds
nike:~# nmap localhost -p 1- -sS -sU

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
Interesting ports on localhost (127.0.0.1):
Not shown: 131069 closed ports
PORT      STATE SERVICE
53108/udp open  unknown

Nmap finished: 1 IP address (1 host up) scanned in 7.256 seconds
nike:~# nmap localhost -p 1- -sS -sU

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
Interesting ports on localhost (127.0.0.1):
Not shown: 131069 closed ports
PORT      STATE SERVICE
45007/udp open  unknown

Nmap finished: 1 IP address (1 host up) scanned in 7.214 seconds
nike:~# ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:01 init [S]         
    2 ?        S<     0:00 [kthreadd]
    3 ?        S<     0:00 [migration/0]
    4 ?        SN     0:00 [ksoftirqd/0]
    5 ?        S<     0:00 [watchdog/0]
    6 ?        S<     0:00 [events/0]
    7 ?        S<     0:00 [khelper]
   25 ?        S<     0:00 [kblockd/0]
   26 ?        S<     0:00 [kacpid]
   27 ?        S<     0:00 [kacpi_notify]
  122 ?        S<     0:00 [kseriod]
  140 ?        S      0:00 [pdflush]
  141 ?        S      0:00 [pdflush]
  142 ?        S<     0:00 [kswapd0]
  143 ?        S<     0:00 [aio/0]
  583 ?        S<     0:00 [ata/0]
  585 ?        S<     0:00 [ata_aux]
  586 ?        S<     0:00 [ksuspend_usbd]
  588 ?        S<     0:00 [khubd]
  590 ?        S<     0:00 [scsi_eh_0]
  592 ?        S<     0:00 [scsi_eh_1]
 1086 ?        S<     0:00 [ksnapd]
 1141 ?        S<     0:00 [kcryptd/0]
 1293 ?        S<     0:00 [kjournald]
 1899 ?        S<     0:00 [kpsmoused]
 1945 ?        S<     0:00 [pccardd]
 2401 ?        S<     0:00 [kjournald]
 2402 ?        S<     0:00 [kjournald]
 2857 tty1     Ss     0:00 init [S]         
 2860 tty1     S      0:00 bash
 2895 tty1     S+     0:00 script
 2896 tty1     R+     0:00 script
 2897 pts/0    Ss     0:00 bash -i
 2902 pts/0    R+     0:00 ps ax
nike:~# netstat -tuapen
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
User       Inode      PID/Program name   
nike:~# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
User       Inode      PID/Program name   
nike:~# exit
exit

Script done on Sun Nov 25 22:54:49 2007

Offenbar ist da ein Port mit wechselnder Nummer offen, dessen Programm ich 
nicht ausfindig machen kann (die von ps gelisteten schliesse ich jetzt mal 
aus). Rechner ist ein Testing, wenige Tage alt, direkt am Internet (kein NAT 
oder ähnliches).

Muss ich mir Sorgen machen? :-/

Grüsse
Martin

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: