Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. User
Service on port 927
niall.moran at gmail
Sep 21, 2004, 3:56 AM
Post #1 of 6 (1433 views)
Permalink
Hi,

Using nmap from another system the following interesting ports were listed.

Port State Service
22/tcp open ssh
111/tcp open sunrpc
972/tcp open unknown
6000/tcp open X11

I want to have the sshd running and X.
Does anyone know how to find out what is using the other ports 111 and 972 ?
If there is any security risk with having these open ?

THanks,

Niall

--
gentoo-user@gentoo.org mailing list
Re: Service on port 927 [ In reply to ]
mike at gaima
Sep 21, 2004, 4:07 AM
Post #2 of 6 (1420 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 21 September 2004 11:56, Niall Moran wrote:
> Hi,
>
> Using nmap from another system the following interesting ports were listed.
>
> Port State Service
> 22/tcp open ssh
> 111/tcp open sunrpc
> 972/tcp open unknown
> 6000/tcp open X11
>
> I want to have the sshd running and X.
> Does anyone know how to find out what is using the other ports 111 and 972
> ? If there is any security risk with having these open ?

111 is the portmapper, and required for nfs mounts. You can safely stop it if
you don't use nfs.
972 is a bit of a mistery, try a 'netstat -nlpt|grep 972' as root and find out
what process/pid has that port open.

Also, unless you are using xdmcp there is no need to have X listening, you can
run X apps over ssh.

p.s. 215 v 205 ?

- --
Mike Williams

--
gentoo-user@gentoo.org mailing list
Re: Service on port 927 [ In reply to ]
spider at gentoo
Sep 21, 2004, 4:37 AM
Post #3 of 6 (1416 views)
Permalink
On Tue, 2004-09-21 at 11:56 +0100, Niall Moran wrote:
> Hi,
>
> Using nmap from another system the following interesting ports were listed.
>
> Port State Service
> 22/tcp open ssh
> 111/tcp open sunrpc
this is "portmap" needed by "fam" and others, But can safely be
firewalled off from outside use unless you have NFS shares.



> 972/tcp open unknown
"emerge lsof"
"lsof -i" ; to show the listening applications, name and the ports
they are using. Very handy software.

> 6000/tcp open X11
Do you really want to expose X11 over the network? usually thats a bad idea unless you do X forwarding with xdmcp



> I want to have the sshd running and X.
> Does anyone know how to find out what is using the other ports 111 and 972 ?
> If there is any security risk with having these open ?
>

There is always some risk, but the question is how large, and for what
case. the only "safe" computer is in a layer of concrete without power.


//Spider
--
Spider <spider@gentoo.org>
Gentoo developer

Attached Files:

Re: Service on port 927 [ In reply to ]
cgysin at gmx
Sep 21, 2004, 4:53 AM
Post #4 of 6 (1419 views)
Permalink
Rumen Yotov wrote:
>>> Port State Service
>>> 22/tcp open ssh
>>> 111/tcp open sunrpc
>>> 972/tcp open unknown
>>> 6000/tcp open X11
>>
> Hi,
> Check /etc/services file.
> cat /etc/services | grep 972.

The service isn't listed in /etc/services. Nmap also takes its
translation from /etc/services.

Try
netstat -tlp

This should at least give you the process who is responsible for binding
port 972.

Christoph

--
gentoo-user@gentoo.org mailing list
Re: Service on port 927 [ In reply to ]
kevin at cybercolloids
Sep 21, 2004, 4:59 AM
Post #5 of 6 (1436 views)
Permalink
From Linux.com
111 - sunrpc (Sun Remote Procedure Call), or portmapper port. Used by NFS
(Network File System), NIS (Network Information Service), and various related
services. Sounds dangerous and is high risk. LAN use only. A favorite crack
target.

/etc/init.d/portmap stop

Will kill portmapper, run nmap again and see if its gone. But first of all
make sure you know why you are running portmap, I guess you have NIS or NFS
running.

Try netstat this should give you some more details and may give you a clue on
port 972. I have seen 972 associated with ssh before.

Have a look at
http://www.linux.com/howtos/Security-Quickstart-Redhat-HOWTO/appendix.shtml
for an excellent introduction to working out what all those ports are and what
you can get from netstat.



Kevin.


On Tuesday 21 September 2004 11:56, Niall Moran wrote:
Hi,

Using nmap from another system the following interesting ports were listed.

Port State Service
22/tcp open ssh
111/tcp open sunrpc
972/tcp open unknown
6000/tcp open X11

I want to have the sshd running and X.
Does anyone know how to find out what is using the other ports 111 and 972 ?
If there is any security risk with having these open ?

THanks,

Niall

--
gentoo-user@gentoo.org mailing list


--
gentoo-user@gentoo.org mailing list
Re: Service on port 927 [ In reply to ]
rumen_yotov at dir
Sep 21, 2004, 5:13 AM
Post #6 of 6 (1422 views)
Permalink
Mike Williams wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Tuesday 21 September 2004 11:56, Niall Moran wrote:
>
>
>>Hi,
>>
>>Using nmap from another system the following interesting ports were listed.
>>
>>Port State Service
>>22/tcp open ssh
>>111/tcp open sunrpc
>>972/tcp open unknown
>>6000/tcp open X11
>>
>>I want to have the sshd running and X.
>>Does anyone know how to find out what is using the other ports 111 and 972
>>? If there is any security risk with having these open ?
>>
>>
>
>111 is the portmapper, and required for nfs mounts. You can safely stop it if
>you don't use nfs.
>972 is a bit of a mistery, try a 'netstat -nlpt|grep 972' as root and find out
>what process/pid has that port open.
>
>Also, unless you are using xdmcp there is no need to have X listening, you can
>run X apps over ssh.
>
>p.s. 215 v 205 ?
>
>- --
>Mike Williams
>
>--
>gentoo-user@gentoo.org mailing list
>
>
>
>
Hi,
Check /etc/services file.
cat /etc/services | grep 972.
HTH.
Rumen


--
gentoo-user@gentoo.org mailing list

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal