[OT] Re: BUG: Unusual TCP Connect() results.

From: Kyle Moffett
Date: Thu Jun 09 2005 - 21:25:12 EST

Next message: Kumar Gala: "[PATCH] ppc32: Factor out common exception code into macro's for4xx/Book-E"
Previous message: Jeff Garzik: "Re: ipw2100: firmware problem"
In reply to: Alastair Poole: "BUG: Unusual TCP Connect() results."
Next in thread: Alastair Poole: "Re: [OT] Re: BUG: Unusual TCP Connect() results."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 9, 2005, at 16:51:39, Alastair Poole wrote:

The number of ports listed changes in size and they appear to be
random. For example, on one scan ports

22, 3455, 4532 and 6236

SSH and 3 RPC-based services, I would guess. This is not a kernel
bug, there are probably userspace applications which are opening
those ports, even something as simple as an FTP client in active
mode would do it. Please run "netstat -lp" to determine which
processes have opened each port.

It is also interesting to note that a basic TCP nmap scan does not
return these unusual results.

nmap doesn't scan higher-numbered ports by default, because those
ports are generally allocated dynamically by the kernel when user
programs indicate they do not care what port they are bound on.

Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kumar Gala: "[PATCH] ppc32: Factor out common exception code into macro's for4xx/Book-E"
Previous message: Jeff Garzik: "Re: ipw2100: firmware problem"
In reply to: Alastair Poole: "BUG: Unusual TCP Connect() results."
Next in thread: Alastair Poole: "Re: [OT] Re: BUG: Unusual TCP Connect() results."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]