Re: Welchsender, offener Port ohne Programm

[Michael Domann <michael.domann@gmx.de>]

On Sun, 25 Nov 2007 23:11:21 +0100
Martin Ammermüller <tenco@gmx.de> wrote:

> Hallo Liste!
> 
> Habe heute meine Rechner mal nach offenen Ports gescanned und bin auf 
> folgendes gestossen (Single-User Modus, Phänomen auch auf anderen Interfaces 
> als lo):
> 
> Script started on Sun Nov 25 22:53:21 2007
> nike:~# nmap localhost -p 1- -sS -sU
> 
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:53 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT      STATE SERVICE
> 33731/udp open  unknown
> 
> Nmap finished: 1 IP address (1 host up) scanned in 7.309 seconds
> nike:~# nmap localhost -p 1- -sS -sU
> 
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT      STATE SERVICE
> 57368/udp open  unknown
> 
> Nmap finished: 1 IP address (1 host up) scanned in 7.210 seconds
> nike:~# nmap localhost -p 1- -sS -sU
> 
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT      STATE SERVICE
> 53108/udp open  unknown
> 
> Nmap finished: 1 IP address (1 host up) scanned in 7.256 seconds
> nike:~# nmap localhost -p 1- -sS -sU
> 
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-25 22:54 CET
> Interesting ports on localhost (127.0.0.1):
> Not shown: 131069 closed ports
> PORT      STATE SERVICE
> 45007/udp open  unknown
> 
> Nmap finished: 1 IP address (1 host up) scanned in 7.214 seconds
> nike:~# ps ax
>   PID TTY      STAT   TIME COMMAND
>     1 ?        Ss     0:01 init [S]         
>     2 ?        S<     0:00 [kthreadd]
>     3 ?        S<     0:00 [migration/0]
>     4 ?        SN     0:00 [ksoftirqd/0]
>     5 ?        S<     0:00 [watchdog/0]
>     6 ?        S<     0:00 [events/0]
>     7 ?        S<     0:00 [khelper]
>    25 ?        S<     0:00 [kblockd/0]
>    26 ?        S<     0:00 [kacpid]
>    27 ?        S<     0:00 [kacpi_notify]
>   122 ?        S<     0:00 [kseriod]
>   140 ?        S      0:00 [pdflush]
>   141 ?        S      0:00 [pdflush]
>   142 ?        S<     0:00 [kswapd0]
>   143 ?        S<     0:00 [aio/0]
>   583 ?        S<     0:00 [ata/0]
>   585 ?        S<     0:00 [ata_aux]
>   586 ?        S<     0:00 [ksuspend_usbd]
>   588 ?        S<     0:00 [khubd]
>   590 ?        S<     0:00 [scsi_eh_0]
>   592 ?        S<     0:00 [scsi_eh_1]
>  1086 ?        S<     0:00 [ksnapd]
>  1141 ?        S<     0:00 [kcryptd/0]
>  1293 ?        S<     0:00 [kjournald]
>  1899 ?        S<     0:00 [kpsmoused]
>  1945 ?        S<     0:00 [pccardd]
>  2401 ?        S<     0:00 [kjournald]
>  2402 ?        S<     0:00 [kjournald]
>  2857 tty1     Ss     0:00 init [S]         
>  2860 tty1     S      0:00 bash
>  2895 tty1     S+     0:00 script
>  2896 tty1     R+     0:00 script
>  2897 pts/0    Ss     0:00 bash -i
>  2902 pts/0    R+     0:00 ps ax
> nike:~# netstat -tuapen
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State      
> User       Inode      PID/Program name   
> nike:~# netstat -tulpen
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       
> User       Inode      PID/Program name   
> nike:~# exit
> exit
> 
> Script done on Sun Nov 25 22:54:49 2007
> 
> Offenbar ist da ein Port mit wechselnder Nummer offen, dessen Programm ich 
> nicht ausfindig machen kann (die von ps gelisteten schliesse ich jetzt mal 
> aus). Rechner ist ein Testing, wenige Tage alt, direkt am Internet (kein NAT 
> oder ähnliches).
> 
> Muss ich mir Sorgen machen? :-/
> 
> Grüsse
> Martin


hi, 

was sagt ein 

lsof|grep portnummer?

mfg