
High UDP ports are open temporarily

pch0317

Jul 14, 2010, 4:10:01 PM
Hi :)

I installed a new server with Debian stable (base system only, with ssh
and bind).
I scanned its ports with:
nmap -sS -sU -T4 -A -v -PE newserver
and found that a few ports numbered 40000 and higher are open|filtered.
When I scan newserver again, I get a few other UDP ports open (different
port numbers).

When I use lsof -i or netstat on this newserver, I get only named and
sshd working on ports 22 and 53 (TCP and UDP), and exim working on
localhost port 25. No high open UDP ports are discovered.

Why does nmap show these temporarily open high ports?
What can I do?


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4C3E146D...@gmail.com

Perry E. Metzger

Jul 15, 2010, 9:50:02 AM
On Wed, 14 Jul 2010 21:47:57 +0200 pch0317 <pch...@gmail.com> wrote:
> Hi :)
>
> I installed a new server with Debian stable (base system only, with
> ssh and bind).
> I scanned its ports with:
> nmap -sS -sU -T4 -A -v -PE newserver
> and found that a few ports numbered 40000 and higher are
> open|filtered. When I scan newserver again, I get a few other UDP
> ports open (different port numbers).
>
> When I use lsof -i or netstat on this newserver, I get only named
> and sshd working on ports 22 and 53 (TCP and UDP), and exim working
> on localhost port 25. No high open UDP ports are discovered.
>
> Why does nmap show these temporarily open high ports?
> What can I do?

First, you can stop using nmap to do what you can do with

netstat -A inet -a

There is, after all, no need to port scan your own computer when you
can just ask it what it is doing. The ports might only be open for a
moment, but nmap has no special ability to catch such things.

Second, named is doubtless opening ports here and there to send out
and get replies to recursive queries. You could, of course, stop
having DNS service if this bothers you, though I wouldn't recommend
it. Other apps on your machine may also be opening UDP ports here and
there -- just lsof repeatedly to catch them.

--
Perry E. Metzger pe...@piermont.com


Archive: http://lists.debian.org/20100715094...@jabberwock.cb.piermont.com
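
Added example, not part of the original thread: one way to run lsof repeatedly, as suggested in the reply above, and separate sockets present in every sample from ports that only show up briefly. The function names and the sample rows (process, PID, addresses, ports) are constructed for illustration.

```shell
#!/bin/sh
# tally_udp TOTAL: read "SAMPLE COMMAND PID NAME" rows on stdin and print, per
# command and local port, how many of the TOTAL samples contained that socket.
tally_udp() {
    awk -v total="$1" '
    {
        name = $4
        sub(/->.*/, "", name)      # connected socket: keep the local side
        port = name
        sub(/.*:/, "", port)       # "192.0.2.10:41234", "*:53", "[::1]:53"
        key = $2 " " port
        if (!((key, $1) in seen)) { seen[key, $1] = 1; count[key]++ }
    }
    END {
        for (key in count) {
            status = (count[key] == total) ? "stable" : "transient"
            printf "%s %d/%d %s\n", key, count[key], total, status
        }
    }' | sort -k2,2n
}

# sample_udp N DELAY: run lsof N times, DELAY seconds apart, and tag every
# UDP socket line with its sample number in the row format tally_udp reads.
sample_udp() {
    i=1
    while [ "$i" -le "$1" ]; do
        lsof -n -P -i UDP 2>/dev/null |
            awk -v s="$i" 'NR > 1 { print s, $1, $2, $NF }'
        i=$((i + 1))
        sleep "$2"
    done
}

# Constructed rows standing in for three lsof samples on a host running named.
constructed_samples() {
    cat <<'EOF'
1 named 1234 127.0.0.1:53
1 named 1234 192.0.2.10:41234
2 named 1234 127.0.0.1:53
2 named 1234 192.0.2.10:50911
3 named 1234 127.0.0.1:53
3 named 1234 192.0.2.10:53
EOF
}

# Live use, as root so other users' sockets are visible:
#   sample_udp 20 1 | tally_udp 20
constructed_samples | tally_udp 3
```

Polling only sees sockets that exist at the instant lsof runs, so a port that lives for less than the sampling interval can still be missed.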

Andrei Popescu

Jul 15, 2010, 3:40:04 PM
On Wed, 14 Jul 10, 21:47:57, pch0317 wrote:
> Hi :)
>
> I installed a new server with Debian stable (base system only, with
> ssh and bind).
> I scanned its ports with:
> nmap -sS -sU -T4 -A -v -PE newserver
> and found that a few ports numbered 40000 and higher are
> open|filtered. When I scan newserver again, I get a few other UDP
> ports open (different port numbers).
>
> When I use lsof -i or netstat on this newserver, I get only named
> and sshd working on ports 22 and 53 (TCP and UDP), and exim working
> on localhost port 25. No high open UDP ports are discovered.
>
> Why does nmap show these temporarily open high ports?
> What can I do?

Are you scanning from the same computer? Try scanning from a remote
host.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
