Well, I tried your suggestion and used lsof. To my very great surprise I
found that portmap is the culprit. More specifically, rpc.statd and
rpc.mountd. According to lsof they are listening on ports 1025 and 1024.
I run nfs and portmap for my internal lan and use a ipchains firewall to
ensure none of the normal nfs/portmap ports leak out to the internet.
However, I have never heard of ports 1024/5 being used for rpc???
I blocked the ports on my gateway host but also noticed they are open on
my internal hosts too. Is this something new with RH 7.0??
Gerry
On Sun, 15 Apr 2001, Cameron Simpson wrote:
> On Fri, Apr 13, 2001 at 10:31:58PM -0400, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> | My system seems to be listening on port 1025 and port 1024 is open. I
> | have no idea why.
> | Can anyone give me a reason for this?
>
> Not offhand. If a program binds to a socket (to listen for connections)
> and supplies the port number 0 then the OS allocates a free port. If the
> program is unpriviledged (not root) the port allocated is over 1023. I
> would guess some program has requested a port. Or an unpriviledge program
> requested ports starting at 1024 until a free one was found. COuld
> be normal!
>
> Say this:
>
> lsof -i :1025
>
> It should tell you which program has port 1025 open.
>
--
"The lyf so short, the craft so long to learne." Geoffrey Chaucer
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
