SCIENTIFIC-LINUX-USERS Archives

February 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Miles O'Neal <[log in to unmask]>
Reply To: Miles O'Neal <[log in to unmask]>
Date: Mon, 6 Feb 2006 16:32:24 -0600
Content-Type: text/plain
Parts/Attachments: text/plain (90 lines)

[This is all on SL304.]

I have a machine in my DMZ that is running
only the services it needs to.  When I do
"netstat -a" I see:

Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 xxxx.intrinsity.com:domain  *:*                         LISTEN      
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      
tcp        0      0 *:smtp                      *:*                         LISTEN      
tcp        0      0 xxxx.intrinsity.com:ssh     xxxxx.eng.intrinsity.:60082 ESTABLISHED 
tcp        0      0 xxxx.intrinsity.com:smt     xxxxxx.intrinsity.com:56695 ESTABLISHED 
tcp        0      0 xxxx.intrinsity.com:ssh     xxxxx.eng.intrinsity.:34837 ESTABLISHED 
udp        0      0 *:syslog                *:*                                 
udp        0      0 *:42264                 *:*                                 
udp        0      0 xxxx.intrinsity.co:doma *:*                                 
udp        0      0 localhost.locald:domain *:*                                 
udp        0      0 xxxx.intrinsity.com:ntp *:*                                 
udp        0      0 localhost.localdoma:ntp *:*                                 
udp        0      0 *:ntp                   *:*
Active UNIX domain sockets (servers and established)
[snippage]

The machine handles DNS, SMTP, NTP and SYSLOG
duties, plus we allow ssh.  So everything above
makes sense to me *except* the "port 42264" bit.
I looked on the net and only found a nebulous
"client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat Enterprise 3".

What is this port?  I don't have RHN enabled,
so it shouldn't be that.

I tried tcpdump | grep 42264, and the traffic I saw
looked like DNS queries.  Why would it be listening
there?  The config files definitely don't tell it to
use a non-standard port.  

More data:

# chkconfig --list | grep :on
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

# ps afx
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:07 init
    2 ?        SW     0:00 [keventd]
    3 ?        SW     0:00 [kapmd]
    4 ?        SWN    0:00 [ksoftirqd/0]
    7 ?        SW     0:00 [bdflush]
    5 ?        SW     0:02 [kswapd]
    6 ?        SW     0:00 [kscand]
    8 ?        SW     0:00 [kupdated]
    9 ?        SW     0:00 [mdrecoveryd]
   13 ?        SW     0:04 [kjournald]
   68 ?        SW     0:00 [khubd]
  620 ?        SW     0:00 [kjournald]
  636 ?        SW     0:00 [kjournald]
  676 ?        SW     6:59 [kjournald]
 1294 ?        S      6:05 syslogd -m 0
 1298 ?        S      0:00 klogd -x
 1333 ?        S      0:35 /usr/sbin/sshd
22491 ?        S      0:00  \_ sshd: root@pts/0
22493 pts/0    S      0:00      \_ -bash
22740 pts/0    R      0:00          \_ ps afx
 1406 ?        S      0:00 crond
 1415 tty1     S      0:00 /sbin/mingetty tty1
 1416 tty2     S      0:00 /sbin/mingetty tty2
10978 ?        SL     0:07 ntpd -U ntp -p /var/run/ntpd.pid -g
15985 ?        S      3:35 /usr/libexec/postfix/master
13783 ?        S      0:26  \_ nqmgr -l -n qmgr -t fifo -u
22472 ?        S      0:00  \_ trivial-rewrite -n rewrite -t unix -u
22478 ?        S      0:00  \_ pickup -l -t fifo -u
22651 ?        S      0:00  \_ smtpd -n smtp -t inet -u
22652 ?        S      0:00  \_ cleanup -z -t unix -u
22736 ?        S      0:00  \_ smtp -t unix -u
20851 ?        S      0:50 /usr/sbin/named -u named
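
One way to answer "what is this port?" from the host itself, as an added example that is not part of the original message: look up the socket inode for the UDP port in /proc/net/udp, then find the process whose file descriptors point at that inode. The function names, the optional PROC_ROOT argument and the sample tree built by make_sample_proc are assumptions of this example, and the sample data is constructed.

```shell
#!/bin/sh
# Added example. PROC_ROOT (2nd argument) is an assumption of this sketch so it
# can run against a constructed tree; on a live host omit it and run as root.
# Covers IPv4 sockets; /proc/net/udp6 has the same column layout.

# udp_port_inodes PORT [PROC_ROOT]: print socket inodes bound to local UDP PORT
udp_port_inodes() {
    hexport=$(printf '%04X' "$1")
    # Column 2 is the local "ADDR:PORT" in hex, column 10 is the socket inode.
    awk -v p="$hexport" 'NR > 1 { n = split($2, a, ":")
        if (toupper(a[n]) == p) print $10 }' "${2:-/proc}/net/udp"
}

# udp_port_owner PORT [PROC_ROOT]: print "PID COMMAND" for each owning process
udp_port_owner() {
    root=${2:-/proc}
    for inode in $(udp_port_inodes "$1" "$root"); do
        for fd in "$root"/[0-9]*/fd/*; do
            # A socket descriptor is a symlink whose target is "socket:[INODE]".
            [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
            piddir=${fd%/fd/*}
            # cmdline is NUL-separated; show it with spaces instead.
            cmd=$(tr '\0' ' ' < "$piddir/cmdline" | sed 's/ *$//')
            printf '%s %s\n' "${piddir##*/}" "$cmd"
        done
    done | sort -u
}

# make_sample_proc DIR: constructed /proc-like tree (sample data, not the poster's host)
make_sample_proc() {
    mkdir -p "$1/net" "$1/4242/fd" "$1/4343/fd"
    {
        echo '  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode'
        echo '   0: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1111'
        echo '   1: 00000000:A518 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 2222'
    } > "$1/net/udp"
    ln -s 'socket:[1111]' "$1/4242/fd/3"
    ln -s 'socket:[2222]' "$1/4343/fd/20"
    printf 'sampled-a\0' > "$1/4242/cmdline"
    printf 'sampled-b\0-u\0nobody\0' > "$1/4343/cmdline"
}
```

On a live system, `udp_port_owner 42264` prints the PID and command line of the process holding the socket, which can then be matched against the `ps afx` listing.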
