[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UDP port 1025(Blackjack)


I don't know a lot about this stuff but I can help a little I think.

When you are using a network, ports will get opened on your machine
whenever you make a connection, this way the remote machine has
somewhere to talk to. This is probably why you are seeing ports open
during one scan and closed the next time.

Nmap uses an internal database of service to port mapping. When it says
Blackjack, it is just a guess as to what could be running on that port.
You will see things like nmap telling you Back Orifice is running on a
linux box because of this. Take whatever service nmap says with a grain
of salt. You can also do 'grep 1025 /etc/services' to do a simple check
for yourself.

But the main thing I want to suggest is to not use nmap for scanning
your machines. Use lsof instead (apt-get install lsof). Lsof is VERY
cool and useful for many things. Install it, do 'lsof -i' as root, and
it will show you exactly which ports are open, which process is using
it, which user owns the process, and more. I run 'lsof -i' after every
apt-get upgrade to quickly make sure it hasn't decided to add a server I
don't want (happened last week with the changes to netstd in potato).

Hope this helps,
Chris Schleifer

aphro wrote:
> During the process of closing non important ports on my new server i
> noticed it has port 1025(UDP) and the service is Blackjack according to
> nmap.  Anyone know what this is? i dont see anything in the dpkg list for
> blackjack and its not on my machine at home, and its not on my main
> server.
> tia
> nate
> ----------------------------------------[mailto:aphro@aphroland.org ]--
>    Vice President Network Operations       http://www.firetrail.com/
>   Firetrail Internet Services Limited      http://www.aphroland.org/
>        Everett, WA 425-348-7336            http://www.linuxpowered.net/
>             Powered By:                    http://comedy.aphroland.org/
>     Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
> -----------------------------------------[mailto:aphro@netquest.net ]--
> 10:51pm up 89 days, 10:24, 2 users, load average: 1.87, 1.81, 1.69
> --
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null

Reply to: