Re: How to find out what service is running on a port
Lo, on Tuesday, October 9, Sean Kelleher did write:
> Hi folks,
>
> I've got errors that are continually popping up to STDERR about a
> packet being rejected by my firewall, bound for port 65535. This
> behaviour itself is normal -- my firewall should reject this packet --
> but I'd like to know what service this packet hopes to reach. I've
> checked the relevant files (AFAIK -- /etc/services, /etc/inetd.conf),
> but don't see anything that applies.
>
> Anyone know where I could look to find out which service this is?

http://www.snort.org/ has a database of this sort of information,
searchable by port number. (Bottom of the left column.)

For 65535, it says:

    Port 65535 / tcp
    Keyword RC1trojan
    Description [trojan] RC1 trojan

for what that's worth to you.

IIRC, ports in the high end of the range are also used by Linux for IP
masquerading. I seem to recall hearing about a hole in this system that
could be exploited, although I don't remember any details. (I do know that
it was patched quite some time ago; 2.4 and recent 2.2 kernels aren't
vulnerable.)

Richard