Date: Mon, 6 Feb 2006 16:32:24 -0600
[This is all on SL304.]
I have a machine in my DMZ that is running
only the services it needs to. When I do
"netstat -a" I see:
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 xxxx.intrinsity.com:domain  *:*                         LISTEN
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
tcp        0      0 xxxx.intrinsity.com:ssh     xxxxx.eng.intrinsity.:60082 ESTABLISHED
tcp        0      0 xxxx.intrinsity.com:smt     xxxxxx.intrinsity.com:56695 ESTABLISHED
tcp        0      0 xxxx.intrinsity.com:ssh     xxxxx.eng.intrinsity.:34837 ESTABLISHED
udp        0      0 *:syslog                    *:*
udp        0      0 *:42264                     *:*
udp        0      0 xxxx.intrinsity.co:doma     *:*
udp        0      0 localhost.locald:domain     *:*
udp        0      0 xxxx.intrinsity.com:ntp     *:*
udp        0      0 localhost.localdoma:ntp     *:*
udp        0      0 *:ntp                       *:*
Active UNIX domain sockets (servers and established)
[snippage]
The machine handles DNS, SMTP, NTP and SYSLOG
duties, plus we allow ssh. So everything above
makes sense to me *except* the "port 42264" bit.
I looked on the net and only found a nebulous
"client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat Enterprise 3".
What is this port? I don't have RHN enabled,
so it shouldn't be that.
I tried tcpdump | grep 42264, and the traffic I saw
looked like DNS queries. Why would it be listening
there? The config files definitely don't tell it to
use a non-standard port.
More data:
# chkconfig --list | grep :on
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# ps afx
PID TTY STAT TIME COMMAND
1 ? S 0:07 init
2 ? SW 0:00 [keventd]
3 ? SW 0:00 [kapmd]
4 ? SWN 0:00 [ksoftirqd/0]
7 ? SW 0:00 [bdflush]
5 ? SW 0:02 [kswapd]
6 ? SW 0:00 [kscand]
8 ? SW 0:00 [kupdated]
9 ? SW 0:00 [mdrecoveryd]
13 ? SW 0:04 [kjournald]
68 ? SW 0:00 [khubd]
620 ? SW 0:00 [kjournald]
636 ? SW 0:00 [kjournald]
676 ? SW 6:59 [kjournald]
1294 ? S 6:05 syslogd -m 0
1298 ? S 0:00 klogd -x
1333 ? S 0:35 /usr/sbin/sshd
22491 ? S 0:00 \_ sshd: root@pts/0
22493 pts/0 S 0:00 \_ -bash
22740 pts/0 R 0:00 \_ ps afx
1406 ? S 0:00 crond
1415 tty1 S 0:00 /sbin/mingetty tty1
1416 tty2 S 0:00 /sbin/mingetty tty2
10978 ? SL 0:07 ntpd -U ntp -p /var/run/ntpd.pid -g
15985 ? S 3:35 /usr/libexec/postfix/master
13783 ? S 0:26 \_ nqmgr -l -n qmgr -t fifo -u
22472 ? S 0:00 \_ trivial-rewrite -n rewrite -t unix -u
22478 ? S 0:00 \_ pickup -l -t fifo -u
22651 ? S 0:00 \_ smtpd -n smtp -t inet -u
22652 ? S 0:00 \_ cleanup -z -t unix -u
22736 ? S 0:00 \_ smtp -t unix -u
20851 ? S 0:50 /usr/sbin/named -u named
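The quickest way to settle "what is listening on UDP 42264" is to ask the kernel which process owns the socket rather than guessing from the port number. The script below is an added example and is not part of the original post or of Scientific Linux; it does by hand what `netstat -anup` or `lsof -i udp:42264` do when run as root, so the answer is visible even on a box where those tools are missing or their `-p` column is blank. It assumes the Linux `/proc` layout: `/proc/net/udp` lists each UDP socket with its local address as `HEXIP:HEXPORT` and its inode in the tenth column, and every `/proc/<pid>/fd/*` entry for a socket is a symlink reading `socket:[<inode>]`. The `/proc/net/udp` excerpt and the fake `/proc` tree in `demo` are constructed sample data, not a capture from the poster's machine; the PID 20851 in the sample is just reused from the `ps` listing above for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): map a bound UDP port to the
# process that owns the socket by reading /proc directly.
#   1. /proc/net/udp -> socket inode for the port (port is hex, inode is $10)
#   2. /proc/<pid>/fd/* -> which pid has a symlink to socket:[inode]

# udp_inode_for_port PORT [FILE]
# Print the inode of the UDP socket bound to PORT. FILE defaults to the
# live /proc/net/udp; the demo passes a constructed sample instead.
udp_inode_for_port() {
    port="$1"
    file="${2:-/proc/net/udp}"
    hexport=$(printf '%04X' "$port")        # 42264 -> A518, matches kernel's %04X
    awk -v want="$hexport" '
        NR > 1 {
            split($2, a, ":")               # local_address is HEXIP:HEXPORT
            if (a[2] == want) { print $10; exit }
        }' "$file"
}

# pid_for_socket_inode INODE [PROCDIR]
# Print the PID(s) whose fd table holds a link to socket:[INODE].
# Unreadable fd directories (other users' processes when not root) are skipped.
pid_for_socket_inode() {
    inode="$1"
    procdir="${2:-/proc}"
    for fd in "$procdir"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue
        target=$(readlink "$fd" 2>/dev/null) || continue
        if [ "$target" = "socket:[$inode]" ]; then
            pid=${fd#"$procdir"/}
            echo "${pid%%/*}"
        fi
    done | sort -u
}

# Constructed sample (not real data): two UDP sockets, one on 0xA518 = 42264
# with inode 12345, one on 0x0035 = 53 with inode 12346.
SAMPLE_UDP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  53: 00000000:A518 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 12345 2 00000000 0
  65: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 12346 2 00000000 0'

# demo: run both lookups against the sample and a fake /proc tree built in
# a temporary directory. Prints "PID INODE" for port 42264 ("20851 12345").
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SAMPLE_UDP" > "$tmp/udp"
    mkdir -p "$tmp/proc/20851/fd" "$tmp/proc/1333/fd"
    ln -s 'socket:[12345]' "$tmp/proc/20851/fd/20"    # holder of the 42264 socket
    ln -s 'socket:[99999]' "$tmp/proc/1333/fd/3"      # unrelated socket, must not match
    inode=$(udp_inode_for_port 42264 "$tmp/udp")
    pid=$(pid_for_socket_inode "$inode" "$tmp/proc")
    rm -rf "$tmp"
    echo "$pid $inode"
}

# Stand-alone run uses the constructed sample. On a live system, as root:
#   udp_inode_for_port 42264   and then   pid_for_socket_inode "$inode"
demo
```

Whatever PID comes back, the `ps afx` listing above gives its command line. A high-numbered UDP socket whose traffic looks like DNS queries is what a resolver's outbound query socket looks like, and this check is how to confirm which daemon actually holds it before deciding whether the port needs to be pinned in a config file or blocked in iptables.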