Re: UDP port 1025(Blackjack)
Thanks for the great tip! Regards, Onno At 07:31 PM 11/17/99 +, Chris Schleifer wrote: Hi, I don't know a lot about this stuff but I can help a little I think. When you are using a network, ports will get opened on your machine whenever you make a connection, this way the remote machine has somewhere to talk to. This is probably why you are seeing ports open during one scan and closed the next time. Nmap uses an internal database of service to port mapping. When it says Blackjack, it is just a guess as to what could be running on that port. You will see things like nmap telling you Back Orifice is running on a linux box because of this. Take whatever service nmap says with a grain of salt. You can also do 'grep 1025 /etc/services' to do a simple check for yourself. But the main thing I want to suggest is to not use nmap for scanning your machines. Use lsof instead (apt-get install lsof). Lsof is VERY cool and useful for many things. Install it, do 'lsof -i' as root, and it will show you exactly which ports are open, which process is using it, which user owns the process, and more. I run 'lsof -i' after every apt-get upgrade to quickly make sure it hasn't decided to add a server I don't want (happened last week with the changes to netstd in potato). Hope this helps, Chris Schleifer aphro wrote: > > During the process of closing non important ports on my new server i > noticed it has port 1025(UDP) and the service is Blackjack according to > nmap. Anyone know what this is? i dont see anything in the dpkg list for > blackjack and its not on my machine at home, and its not on my main > server. > > tia > > nate > > [mailto:[EMAIL PROTECTED] ]-- >Vice President Network Operations http://www.firetrail.com/ > Firetrail Internet Services Limited http://www.aphroland.org/ >Everett, WA 425-348-7336http://www.linuxpowered.net/ > Powered By:http://comedy.aphroland.org/ > Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/ > -[mailto:[EMAIL PROTECTED] ]-- > 10:51pm up 89 days, 10:24, 2 users, load average: 1.87, 1.81, 1.69 > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
Re: UDP port 1025(Blackjack)
Hi, I don't know a lot about this stuff but I can help a little I think. When you are using a network, ports will get opened on your machine whenever you make a connection, this way the remote machine has somewhere to talk to. This is probably why you are seeing ports open during one scan and closed the next time. Nmap uses an internal database of service to port mapping. When it says Blackjack, it is just a guess as to what could be running on that port. You will see things like nmap telling you Back Orifice is running on a linux box because of this. Take whatever service nmap says with a grain of salt. You can also do 'grep 1025 /etc/services' to do a simple check for yourself. But the main thing I want to suggest is to not use nmap for scanning your machines. Use lsof instead (apt-get install lsof). Lsof is VERY cool and useful for many things. Install it, do 'lsof -i' as root, and it will show you exactly which ports are open, which process is using it, which user owns the process, and more. I run 'lsof -i' after every apt-get upgrade to quickly make sure it hasn't decided to add a server I don't want (happened last week with the changes to netstd in potato). Hope this helps, Chris Schleifer aphro wrote: > > During the process of closing non important ports on my new server i > noticed it has port 1025(UDP) and the service is Blackjack according to > nmap. Anyone know what this is? i dont see anything in the dpkg list for > blackjack and its not on my machine at home, and its not on my main > server. > > tia > > nate > > [mailto:[EMAIL PROTECTED] ]-- >Vice President Network Operations http://www.firetrail.com/ > Firetrail Internet Services Limited http://www.aphroland.org/ >Everett, WA 425-348-7336http://www.linuxpowered.net/ > Powered By:http://comedy.aphroland.org/ > Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/ > -[mailto:[EMAIL PROTECTED] ]-- > 10:51pm up 89 days, 10:24, 2 users, load average: 1.87, 1.81, 1.69 > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
Re: UDP port 1025(Blackjack)
On 17/11/99 Brian May wrote: Try fuser, in the psmisc package. I get: # fuser -n tcp -v 1024 USERPID ACCESS COMMAND 1024/tcp root189 f wdm root 1917 f wdm root 1924 f xconsole still, I am not sure why wdm or xconsole would be listening on port 1024. I am also confused as to how three programs can be listening on the one port: actually i get no output for port 1024, 779 tcp is rpc.statd for nfs.. [554] [dewey:bam] ~ >netstat --tcp -a | grep 1024 tcp0 0 *:1024 *:* LISTEN This is a slink computer. i get that output too, but 1025 is owned by named. i just did another scan and 1399 tcp cadkey-licman was open but now its gone again... I do not have X or xdm/wdm running at the moment. I still cannot figure out what this udp 800 mdbs_daemon is... Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: UDP port 1025(Blackjack)
> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes: Ethan> On 16/11/99 aphro wrote: >> During the process of closing non important ports on my new >> server i noticed it has port 1025(UDP) and the service is >> Blackjack according to nmap. Anyone know what this is? i dont >> see anything in the dpkg list for blackjack and its not on my >> machine at home, and its not on my main server. Ethan> I have been having a bit of trouble getting rid of all Ethan> these open ports too, I have a unknown port tcp 779 and Ethan> unknown, and tcp 1024 open, and it seems that every few Ethan> times i run nmap i see a few extra weird ones open but then Ethan> are gone a minute later. Ethan> also have udp 777 unknown, udp 800 mdbs_daemon and, udp Ethan> 1024 unknown, and that 1025 blackjack too. Try fuser, in the psmisc package. I get: # fuser -n tcp -v 1024 USERPID ACCESS COMMAND 1024/tcp root189 f wdm root 1917 f wdm root 1924 f xconsole still, I am not sure why wdm or xconsole would be listening on port 1024. I am also confused as to how three programs can be listening on the one port: [554] [dewey:bam] ~ >netstat --tcp -a | grep 1024 tcp0 0 *:1024 *:* LISTEN This is a slink computer.
Re: UDP port 1025(Blackjack)
On 16/11/99 aphro wrote: During the process of closing non important ports on my new server i noticed it has port 1025(UDP) and the service is Blackjack according to nmap. Anyone know what this is? i dont see anything in the dpkg list for blackjack and its not on my machine at home, and its not on my main server. I have been having a bit of trouble getting rid of all these open ports too, I have a unknown port tcp 779 and unknown, and tcp 1024 open, and it seems that every few times i run nmap i see a few extra weird ones open but then are gone a minute later. also have udp 777 unknown, udp 800 mdbs_daemon and, udp 1024 unknown, and that 1025 blackjack too. I have gone though the rcS.d and rc2.d and just cannot seem to identify these. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
UDP port 1025(Blackjack)
During the process of closing non important ports on my new server i noticed it has port 1025(UDP) and the service is Blackjack according to nmap. Anyone know what this is? i dont see anything in the dpkg list for blackjack and its not on my machine at home, and its not on my main server. tia nate [mailto:[EMAIL PROTECTED] ]-- Vice President Network Operations http://www.firetrail.com/ Firetrail Internet Services Limited http://www.aphroland.org/ Everett, WA 425-348-7336http://www.linuxpowered.net/ Powered By:http://comedy.aphroland.org/ Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/ -[mailto:[EMAIL PROTECTED] ]-- 10:51pm up 89 days, 10:24, 2 users, load average: 1.87, 1.81, 1.69
