
Thread: open udp ports

  1. #1

    open udp ports

    Does anyone know what (besides a possible backdoor) would be running on udp ports 783 and 939? 783 is listed as being an hp-alert management tool, but my box is a compaq and has no compaq management tools installed. Should these ports be open? 939 is listed as unknown. All traffic to and from these ports is blocked at multiple firewalls (well I just blocked them now) but am I being hasty? Are these normally open and if so, for what purpose?

  2. #2

    Re: open udp ports

    Check in your inetd.conf file and see if those services are being started up there. You can just comment out the lines that start those up. I have nearly everything in inetd.conf commented out since my box is just a home computer. In fact, I don't even run inetd at all. Therefore, I am not running any services, and an Nmap scan shows all ports are closed (and they are firewalled too.) I would say if you don't know what a particular service running on a port is doing, you probably don't need it. I've never heard of those you mentioned.

  3. #3

    Re: open udp ports

    Ok this is getting scary. I've left the ports open, but blocked incoming and outgoing udp traffic to those ports at the WAN firewall. Then I blocked those ports coming from the LAN to the DMZ. Basically, no traffic to those ports should have entered or left the DMZ. In that time, another udp port (nmap flags as being unknown) had opened. Unless anyone can tell me what those ports are used for, I'm going to assume the worst.

  4. #4

    Re: open udp ports

    (nmap flags as being unknown)
    That just means the port isn't listed in /etc/services.

    Though, your firewall doesn't sound very good. You have to close ports? Why not close them all by default and then only open the ones you know you need?

  5. #5

    Re: open udp ports

    It seems that the ports are being opened by sgi_fam, though its xinetd conf file suggests that it should be binding to a tcp port on the loopback. However, when I enable it and start xinetd, udp ports start popping open.

    My firewalls do drop all by default. However, the output rules are a bit more lenient in what traffic they allow than the input rules are, which allow traffic only to needed services. The LAN firewall drops everything. Really what I did was tighten them further and enable logging of packets to and from those specific ports.

    I'm doubting now that this is a backdoor, though I'm not yet ruling it out. I'm going to have to read a little more on sgi_fam and figure out what, if anything, needs it, and why it binds to random udp ports. All I know at this point is that if I disable it in its associated xinetd conf file, the udp ports do not open. If my box has been compromised, I can only imagine it came from the LAN or through an exploit in one of the box's services.

  6. #6

    Re: open udp ports

    Ok it is definitely sgi_fam. If I leave it enabled and start xinetd on my home box, it opens a random udp port. If I disable it, no udp ports open. So all that worry for nothing. Now the question is, what the heck is sgi_fam for?
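
Added example, not part of the original thread: instead of toggling services and rescanning, the owner of an open UDP port can be read directly from the kernel's socket table. The script decodes `/proc/net/udp`-format lines, labels each port from a services lookup, and attributes it to a process by socket inode. The sample table, the service names and the PIDs are constructed for illustration, and the address decoding assumes a little-endian Linux host.

```python
import os, re, socket

# Constructed sample in /proc/net/udp layout (not taken from the poster's box).
# Local ports are hex: 030F = 783, 03AB = 939, 0035 = 53 (bound to 127.0.0.1).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:030F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4711
   1: 00000000:03AB 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4712
   2: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4713
"""
# Constructed lookups: port names as a services file would give them, and inode owners.
SAMPLE_SERVICES = {783: "hp-alert", 53: "domain"}
SAMPLE_OWNERS = {4711: (812, "xinetd"), 4712: (812, "xinetd"), 4713: (640, "named")}

def parse_udp_table(text):
    """Return (ip, port, inode) for every socket line; assumes a little-endian host."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the column header
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[1].split(":")
        ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
        rows.append((ip, int(port_hex, 16), int(f[9])))
    return rows

def inode_owners(proc="/proc"):
    """Map socket inode -> (pid, command) via /proc/<pid>/fd links; run as root to see all."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = (int(pid), comm)
        except OSError:
            continue                            # process exited or access denied
    return owners

def report(text, owners, services):
    """One (port, service name, owning command, reachable off-host) tuple per socket."""
    out = []
    for ip, port, inode in parse_udp_table(text):
        name = services.get(port, "unknown")    # "unknown" = not in the services list
        out.append((port, name, owners.get(inode, (None, "?"))[1], not ip.startswith("127.")))
    return out

if __name__ == "__main__":
    for row in report(SAMPLE, SAMPLE_OWNERS, SAMPLE_SERVICES):
        print(row)
```

On a live host, pass the contents of `/proc/net/udp` and the result of `inode_owners()` to `report()`; a socket owned by `xinetd` points at a service definition under `/etc/xinetd.d/` rather than at a standalone daemon.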

  7. #7

    Re: open udp ports

    something to do with the file acceleration monitor

    found this:

    Really interesting: FAM: file alteration monitor (Score:2)
    by fanatic on Saturday December 29, @01:27PM (#2762716)
    (User #86657 Info) *
    SGI has created the file alteration monitor and ported it to linux. (This shows up as '/etc/xinetd.d/sgi_fam' in RH7.2.) This allows apps to request a central daemon to monitor files and directories for modification, so that the apps can be notified when this happens. I've started playing with this and it looks cool. This helps provide real-time auditing of file activities on critical files - helps mollify the security types, which is important in a corporate setting. *

  8. #8

    Re: open udp ports

    udp packets are return packets coming from a tcp request on your LAN side (normally). I wouldn't worry about them _unless_ a SYN is attached to it indicating an attack. It's possible that if you're file sharing that it is a bound connection to keep information current (ie... mapping a share, etc...).

    The only thing that seems strange to me is the fact that it is below port 1024, indicating that it is tied to a service. I just can't say _what_ service.

  9. #9

    Re: open udp ports

    udp packets are return packets coming from a tcp request on your LAN side (normally). I wouldn't worry about them _unless_ a SYN is attached to it indicating an attack. It's possible that if you're file sharing that it is a bound connection to keep information current (ie... mapping a share, etc...).

    The only thing that seems strange to me is the fact that it is below port 1024, indicating that it is tied to a service. I just can't say _what_ service.

    I'm pretty sure that UDP packets are not return packets to TCP. Don't TCP packets answer to TCP and UDP to UDP, all encapsulated in an IP (the chief difference between the two being error correction)?

    Anyway, if there are any udp packets traversing my DMZ they should only be DNS queries, and they should not be hitting this box (unless of course they are answers from our nameservers).

    I'm pretty sure the port is associated with sgi_fam, though I'm not sure how or why. I can deduce that sgi_fam definitely opens a random udp port for some purpose or another. I did a clean install (well the box is only a couple days old and in another town, not that that matters) and ran xinetd with sgi_fam enabled and a udp port popped open.

  10. #10
    Schotty (Moderator)

    Re: open udp ports

    UDP is a type of packet in the TCP/IP protocol. A really good explanation is in most Net+ cert books.
