Re: NFS creates hidden port

To: debian-user@lists.debian.org
Subject: Re: NFS creates hidden port
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Tue, 22 Aug 2017 18:01:22 +0200
Message-id: <[🔎] 21302758742638748744@scdbackup.webframe.org>
In-reply-to: <[🔎] onhhke$mkq$1@blaine.gmane.org>
References: <[🔎] onhhke$mkq$1@blaine.gmane.org>

Hi,

i wrote:
> > E.g. try to patch unhide-tcp so that it reads the NFS port number from
> > a file which you create before the Rkhunter run.

Rob van der Putten wrote:
> I would have to find out when NFS does a callback an then dump the local
> port into a file.

Earlier:
> > > The hidden port lingers on for days. Until one restarts NFS.
> > > NFS then uses an other port which clearly shows in netstat,
> > > until it becomes hidden again.

One could make a script which determines and records the port number
as long as it is visible. When it vanishes from netstat, then one would
stay with the recorded number until the NFS port re-appears in netstat
again.

> It's the client side of RPC NFS callback. 

Question is whether it can be unambiguously recognized in netstat output
as long as it is visible.
Further: Is it always only one hidden port ?

Have a nice day 

Thomas

Reply to:

Follow-Ups:
- Re: NFS creates hidden port
  - From: Rob van der Putten <rob@sput.nl>

References:
- Re: NFS creates hidden port
  - From: Rob van der Putten <rob@sput.nl>

Prev by Date: Security Alert Links
Next by Date: Re: Using preseed (Debian/Ubuntu) to partition both RAID and encryption
Previous by thread: Re: NFS creates hidden port
Next by thread: Re: NFS creates hidden port
Index(es):
- Date
- Thread