Reply To: Stephen J. Gowdy
Date: Mon, 6 Feb 2006 14:44:27 -0800

You can see what is using the port with:

    /usr/sbin/lsof -i :42264

On Mon, 6 Feb 2006, Miles O'Neal wrote:
> [This is all on SL304.]
>
> I have a machine in my DMZ that is running
> only the services it needs to. When I do
> "netstat -a" I see:
>
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 xxxx.intrinsity.com:domain *:* LISTEN
> tcp 0 0 localhost.localdomai:domain *:* LISTEN
> tcp 0 0 *:ssh *:* LISTEN
> tcp 0 0 localhost.localdomain:rndc *:* LISTEN
> tcp 0 0 *:smtp *:* LISTEN
> tcp 0 0 xxxx.intrinsity.com:ssh xxxxx.eng.intrinsity.:60082 ESTABLISHED
> tcp 0 0 xxxx.intrinsity.com:smt xxxxxx.intrinsity.com:56695 ESTABLISHED
> tcp 0 0 xxxx.intrinsity.com:ssh xxxxx.eng.intrinsity.:34837 ESTABLISHED
> udp 0 0 *:syslog *:*
> udp 0 0 *:42264 *:*
> udp 0 0 xxxx.intrinsity.co:doma *:*
> udp 0 0 localhost.locald:domain *:*
> udp 0 0 xxxx.intrinsity.com:ntp *:*
> udp 0 0 localhost.localdoma:ntp *:*
> udp 0 0 *:ntp *:*
> Active UNIX domain sockets (servers and established)
> [snippage]
>
> The machine handles DNS, SMTP, NTP and SYSLOG
> duties, plus we allow ssh. So everything above
> makes sense to me *except* the "port 42264" bit.
> I looked on the net and only found a nebulous
> "client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat Enterprise 3".
>
> What is this port? I don't have RHN enabled,
> so it shouldn't be that.
>
> I tried tcpdump | grep 42264, and the traffic I saw
> looked like DNS queries. Why would it be listening
> there? The config files definitely don't tell it to
> use a non-standard port.
>
> More data:
>
> # chkconfig --list | grep :on
> kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
>
> # ps afx
> PID TTY STAT TIME COMMAND
> 1 ? S 0:07 init
> 2 ? SW 0:00 [keventd]
> 3 ? SW 0:00 [kapmd]
> 4 ? SWN 0:00 [ksoftirqd/0]
> 7 ? SW 0:00 [bdflush]
> 5 ? SW 0:02 [kswapd]
> 6 ? SW 0:00 [kscand]
> 8 ? SW 0:00 [kupdated]
> 9 ? SW 0:00 [mdrecoveryd]
> 13 ? SW 0:04 [kjournald]
> 68 ? SW 0:00 [khubd]
> 620 ? SW 0:00 [kjournald]
> 636 ? SW 0:00 [kjournald]
> 676 ? SW 6:59 [kjournald]
> 1294 ? S 6:05 syslogd -m 0
> 1298 ? S 0:00 klogd -x
> 1333 ? S 0:35 /usr/sbin/sshd
> 22491 ? S 0:00 \_ sshd: root@pts/0
> 22493 pts/0 S 0:00 \_ -bash
> 22740 pts/0 R 0:00 \_ ps afx
> 1406 ? S 0:00 crond
> 1415 tty1 S 0:00 /sbin/mingetty tty1
> 1416 tty2 S 0:00 /sbin/mingetty tty2
> 10978 ? SL 0:07 ntpd -U ntp -p /var/run/ntpd.pid -g
> 15985 ? S 3:35 /usr/libexec/postfix/master
> 13783 ? S 0:26 \_ nqmgr -l -n qmgr -t fifo -u
> 22472 ? S 0:00 \_ trivial-rewrite -n rewrite -t unix -u
> 22478 ? S 0:00 \_ pickup -l -t fifo -u
> 22651 ? S 0:00 \_ smtpd -n smtp -t inet -u
> 22652 ? S 0:00 \_ cleanup -z -t unix -u
> 22736 ? S 0:00 \_ smtp -t unix -u
> 20851 ? S 0:50 /usr/sbin/named -u named
>
--
/------------------------------------+-------------------------\
|Stephen J. Gowdy | SLAC, MailStop 34, |
|http://www.slac.stanford.edu/~gowdy/ | 2575 Sand Hill Road, |
|http://calendar.yahoo.com/gowdy | Menlo Park CA 94025, USA |
|EMail: [log in to unmask] | Tel: +1 650 926 3144 |
\------------------------------------+-------------------------/
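
What `lsof -i :42264` reports can also be read straight from /proc, which helps on a minimal DMZ host where lsof is not installed. The script below is an added example, not part of the original messages: the function names, the sample /proc tree, PID 4242 and the `exampled` daemon are constructed, and it covers IPv4 UDP on Linux only.

```shell
#!/bin/sh
# Added example: find which process owns a UDP port using only /proc.
# Usage: udp_port_owner PORT [PROCROOT]   (PROCROOT defaults to /proc)
# Prints "PID COMMAND" per owning process. Run as root on a real host so
# that other users' /proc/PID/fd entries are readable.

# Print the socket inode(s) bound to UDP port $1, read from $2/net/udp.
udp_port_inodes() {
    hexport=$(printf '%04X' "$1")
    # Field 2 is local_address as HEXIP:HEXPORT, field 10 is the socket inode.
    awk -v p="$hexport" \
        'NR > 1 { split($2, a, ":"); if (toupper(a[2]) == p) print $10 }' \
        "$2/net/udp"
}

udp_port_owner() {
    port=$1
    root=${2:-/proc}
    for inode in $(udp_port_inodes "$port" "$root"); do
        for fd in "$root"/[0-9]*/fd/*; do
            # A socket fd is a symlink whose target reads socket:[INODE].
            [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
            pid=${fd#"$root"/}
            pid=${pid%%/*}
            cmd=$(tr '\0' ' ' < "$root/$pid/cmdline" | sed 's/ *$//')
            printf '%s %s\n' "$pid" "$cmd"
        done
    done | sort -u
}

# Constructed sample /proc tree (not captured from a real host):
# hypothetical PID 4242 holds UDP port 42264 (0xA518) on inode 31337,
# PID 1294 holds the syslog port 514 (0x0202) on inode 1201.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir -p "$d/net" "$d/4242/fd" "$d/1294/fd"
    cat > "$d/net/udp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201 2 c0ffee00
   1: 00000000:A518 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 31337 2 c0ffee40
EOF
    ln -s 'socket:[31337]' "$d/4242/fd/20"
    ln -s 'socket:[1201]' "$d/1294/fd/0"
    printf '/usr/sbin/exampled\0-u\0example\0' > "$d/4242/cmdline"
    printf 'syslogd\0' > "$d/1294/cmdline"
    echo "$d"
}
```

Against the constructed tree, `udp_port_owner 42264 "$(make_sample_proc)"` names the hypothetical PID 4242; on a live host call it with the port alone.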