Re: Welchsender, offener Port ohne Programm
On Sun, 25 Nov 2007 23:11:21 +0100
Martin Ammermüller <tenco@gmx.de> wrote:
> Hallo Liste!
>
> Habe heute meine Rechner mal nach offenen Ports gescanned und bin auf
> folgendes gestossen (Single-User Modus, Phänomen auch auf anderen Interfaces
> als lo):
>
> Script started on Sun Nov 25 22:53:21 2007
> nike:~# nmap localhost -p 1- -sS -sU
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:53 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT STATE SERVICE
> 33731/udp open unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 7.309 seconds
> nike:~# nmap localhost -p 1- -sS -sU
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT STATE SERVICE
> 57368/udp open unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 7.210 seconds
> nike:~# nmap localhost -p 1- -sS -sU
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT STATE SERVICE
> 53108/udp open unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 7.256 seconds
> nike:~# nmap localhost -p 1- -sS -sU
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT STATE SERVICE
> 45007/udp open unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 7.214 seconds
> nike:~# ps ax
> PID TTY STAT TIME COMMAND
> 1 ? Ss 0:01 init [S]
> 2 ? S< 0:00 [kthreadd]
> 3 ? S< 0:00 [migration/0]
> 4 ? SN 0:00 [ksoftirqd/0]
> 5 ? S< 0:00 [watchdog/0]
> 6 ? S< 0:00 [events/0]
> 7 ? S< 0:00 [khelper]
> 25 ? S< 0:00 [kblockd/0]
> 26 ? S< 0:00 [kacpid]
> 27 ? S< 0:00 [kacpi_notify]
> 122 ? S< 0:00 [kseriod]
> 140 ? S 0:00 [pdflush]
> 141 ? S 0:00 [pdflush]
> 142 ? S< 0:00 [kswapd0]
> 143 ? S< 0:00 [aio/0]
> 583 ? S< 0:00 [ata/0]
> 585 ? S< 0:00 [ata_aux]
> 586 ? S< 0:00 [ksuspend_usbd]
> 588 ? S< 0:00 [khubd]
> 590 ? S< 0:00 [scsi_eh_0]
> 592 ? S< 0:00 [scsi_eh_1]
> 1086 ? S< 0:00 [ksnapd]
> 1141 ? S< 0:00 [kcryptd/0]
> 1293 ? S< 0:00 [kjournald]
> 1899 ? S< 0:00 [kpsmoused]
> 1945 ? S< 0:00 [pccardd]
> 2401 ? S< 0:00 [kjournald]
> 2402 ? S< 0:00 [kjournald]
> 2857 tty1 Ss 0:00 init [S]
> 2860 tty1 S 0:00 bash
> 2895 tty1 S+ 0:00 script
> 2896 tty1 R+ 0:00 script
> 2897 pts/0 Ss 0:00 bash -i
> 2902 pts/0 R+ 0:00 ps ax
> nike:~# netstat -tuapen
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> User Inode PID/Program name
> nike:~# netstat -tulpen
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> User Inode PID/Program name
> nike:~# exit
> exit
>
> Script done on Sun Nov 25 22:54:49 2007
>
> Offenbar ist da ein Port mit wechselnder Nummer offen, dessen Programm ich
> nicht ausfindig machen kann (die von ps gelisteten schliesse ich jetzt mal
> aus). Rechner ist ein Testing, wenige Tage alt, direkt am Internet (kein NAT
> oder ähnliches).
>
> Muss ich mir Sorgen machen? :-/
>
> Grüsse
> Martin
hi,
was sagt ein
lsof|grep portnummer?
mfg
Reply to: