Dear all!
Last evening I've noticed that
my 5.2 box had strange result
about nmap search. One port is
randomly open when I look from
user account. From root everything
looks as expected. The comp is
most time out of internet. The
last thing was adding "expect"
package. I am not paniced, could
be hiting... Or something in
"expect" package... It is random
port from 53000 to 57000.
Has someone any idea?
Best regards.
ZK
Thanx all for reply.> Got BIND running? BIND usually likes to have a random TCP port bound. Mine > seems to be inclined to hang around in the 3xxx range, though.No, I don't have it.> nmap itself?Why only in userland? X? Could be my old and cheap comp. BTW, 3.48.> what does sockstat -p <portnumber> tell you?port 25 (ipfw2 dynamic rules) port 2628 dictd (server for dictionaries) port 514 syslogd in udp (no rule to access from outside)> Ftp perhaps?No, just a workstation. When I find something open and check it again, it is closed. And... cannot close "syslogd" for report issues. Is it what everyone have open on udp 514? Nothing suspected in conf. Best regards. ZK
> When I find something open and check > it again, it is closed. And... cannot > close "syslogd" for report issues.At least, can not you run syslogd with syslogd_flags="-ss" in /etc/rc.conf ? It disables listening on 514 at all, but still works locally. Do not use it, if your machine is used as syslogd "file server" for other machines ! And what about some milter ? It could open some local connections on high ports. Do not you have some kind of antispam system on your machine ? Or DansGuardian or something like ? Have you tried to run "sockstat >> /some/file" every minute from cron and try to find which process opens the port ? Peter Rosa