Date: Mon, 6 Feb 2006 16:43:56 -0600
Content-Type: text/plain
Hi Miles,
I don't know offhand, but I would do a
netstat -ap
which shows the processes associated with the ports.
Troy
Miles O'Neal wrote:
> [This is all on SL304.]
>
> I have a machine in my DMZ that is running
> only the services it needs to. When I do
> "netstat -a" I see:
>
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 xxxx.intrinsity.com:domain *:* LISTEN
> tcp 0 0 localhost.localdomai:domain *:* LISTEN
> tcp 0 0 *:ssh *:* LISTEN
> tcp 0 0 localhost.localdomain:rndc *:* LISTEN
> tcp 0 0 *:smtp *:* LISTEN
> tcp 0 0 xxxx.intrinsity.com:ssh xxxxx.eng.intrinsity.:60082 ESTABLISHED
> tcp 0 0 xxxx.intrinsity.com:smt xxxxxx.intrinsity.com:56695 ESTABLISHED
> tcp 0 0 xxxx.intrinsity.com:ssh xxxxx.eng.intrinsity.:34837 ESTABLISHED
> udp 0 0 *:syslog *:*
> udp 0 0 *:42264 *:*
> udp 0 0 xxxx.intrinsity.co:doma *:*
> udp 0 0 localhost.locald:domain *:*
> udp 0 0 xxxx.intrinsity.com:ntp *:*
> udp 0 0 localhost.localdoma:ntp *:*
> udp 0 0 *:ntp *:*
> Active UNIX domain sockets (servers and established)
> [snippage]
>
> The machine handles DNS, SMTP, NTP and SYSLOG
> duties, plus we allow ssh. So everything above
> makes sense to me *except* the "port 42264" bit.
> I looked on the net and only found a nebulous
> "client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat Enterprise 3".
>
> What is this port? I don't have RHN enabled,
> so it shouldn't be that.
>
> I tried tcpdump | grep 42264, and the traffic I saw
> looked like DNS queries. Why would it be listening
> there? The config files definitely don't tell it to
> use a non-standard port.
>
> More data:
>
> # chkconfig --list | grep :on
> kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
>
> # ps afx
> PID TTY STAT TIME COMMAND
> 1 ? S 0:07 init
> 2 ? SW 0:00 [keventd]
> 3 ? SW 0:00 [kapmd]
> 4 ? SWN 0:00 [ksoftirqd/0]
> 7 ? SW 0:00 [bdflush]
> 5 ? SW 0:02 [kswapd]
> 6 ? SW 0:00 [kscand]
> 8 ? SW 0:00 [kupdated]
> 9 ? SW 0:00 [mdrecoveryd]
> 13 ? SW 0:04 [kjournald]
> 68 ? SW 0:00 [khubd]
> 620 ? SW 0:00 [kjournald]
> 636 ? SW 0:00 [kjournald]
> 676 ? SW 6:59 [kjournald]
> 1294 ? S 6:05 syslogd -m 0
> 1298 ? S 0:00 klogd -x
> 1333 ? S 0:35 /usr/sbin/sshd
> 22491 ? S 0:00 \_ sshd: root@pts/0
> 22493 pts/0 S 0:00 \_ -bash
> 22740 pts/0 R 0:00 \_ ps afx
> 1406 ? S 0:00 crond
> 1415 tty1 S 0:00 /sbin/mingetty tty1
> 1416 tty2 S 0:00 /sbin/mingetty tty2
> 10978 ? SL 0:07 ntpd -U ntp -p /var/run/ntpd.pid -g
> 15985 ? S 3:35 /usr/libexec/postfix/master
> 13783 ? S 0:26 \_ nqmgr -l -n qmgr -t fifo -u
> 22472 ? S 0:00 \_ trivial-rewrite -n rewrite -t unix -u
> 22478 ? S 0:00 \_ pickup -l -t fifo -u
> 22651 ? S 0:00 \_ smtpd -n smtp -t inet -u
> 22652 ? S 0:00 \_ cleanup -z -t unix -u
> 22736 ? S 0:00 \_ smtp -t unix -u
> 20851 ? S 0:50 /usr/sbin/named -u named
--
__________________________________________________
Troy Dawson (630)840-6468
Fermilab ComputingDivision/CSS CSI Group
__________________________________________________
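
The check suggested in the reply, as an added example that is not part of either message: it reads `netstat -anp` output (with `-n`, because the non-numeric listing quoted above truncates service names to "smt" and "doma") and prints every listening TCP or unconnected UDP socket whose port is not one the host is meant to serve, with its owning process. The sample input is constructed, the addresses are documentation placeholders, and the owner shown for port 42264 is an assumption made for the sample, not something the thread establishes.

```shell
#!/bin/sh
# Ports this host is meant to serve, per the thread:
# DNS 53, ssh 22, rndc 953, SMTP 25, syslog 514, NTP 123.
EXPECTED_PORTS="53 22 953 25 514 123"

# Reads "netstat -anp" output on stdin (run as root so PID/Program is filled in).
# Prints "proto port pid/program" for each listener not in EXPECTED_PORTS.
unexpected_listeners() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 !~ /^(tcp|udp)/ { next }               # headers and UNIX sockets
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # established TCP sessions
        $1 ~ /^udp/ && $5 !~ /:\*$/ { next }      # connected UDP sockets
        {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            # UDP rows have an empty State column, so the owner is one field earlier
            owner = ($1 ~ /^tcp/) ? $7 : $6
            if (owner == "") owner = "-"          # netstat was not run as root
            if (!(port in ok)) print $1, port, owner
        }'
}

# Constructed sample in "netstat -anp" layout; not captured from the host.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 192.0.2.10:53      0.0.0.0:*           LISTEN      20851/named
tcp        0      0 127.0.0.1:953      0.0.0.0:*           LISTEN      20851/named
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      1333/sshd
tcp        0      0 0.0.0.0:25         0.0.0.0:*           LISTEN      15985/master
tcp        0      0 192.0.2.10:22      192.0.2.77:60082    ESTABLISHED 22491/sshd
udp        0      0 0.0.0.0:514        0.0.0.0:*                       1294/syslogd
udp        0      0 0.0.0.0:42264      0.0.0.0:*                       20851/named
udp        0      0 192.0.2.10:123     0.0.0.0:*                       10978/ntpd
Active UNIX domain sockets (servers and established)
EOF
}

# On a live host: netstat -anp | unexpected_listeners
sample_netstat | unexpected_listeners
```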