[Wylug-help] Strange UDP port activity

James Holden wylug at jamesholden.net
Wed Feb 2 10:19:03 GMT 2005


fluffy at fluffybacon.co.uk wrote:

>Hi,
>
>Can anyone tell me what's happening here?
>
>nmap -sU -sV -p- 127.0.0.1
>
>Interesting ports on localhost.localdomain (127.0.0.1):
>(The 65532 ports scanned but not shown below are in state: closed)
>PORT      STATE         SERVICE    VERSION
>68/udp    open|filtered dhcpclient
>111/udp   open          rpcbind    2 (rpc #100000)
>50682/udp open          unknown
>
>------------------------
>
>Interesting ports on localhost.localdomain (127.0.0.1):
>(The 65532 ports scanned but not shown below are in state: closed)
>PORT      STATE         SERVICE    VERSION
>68/udp    open|filtered dhcpclient
>111/udp   open          rpcbind    2 (rpc #100000)
>62421/udp open          unknown
>
>-----------------------
>
>The port number changes EVERY TIME I run nmap, netstat shows nothing and
>both rkhunter and chkrootkit say nothing suspicious is going on.
>
>As the port number keeps changing, I can't use fuser to find out what's
>running on these random ports and before I reformat the machine I was
>just wondering if anyone else could help?
>
>Thanks,
>Ciaran.
>
>
/sticks neck on line

It is finding the port that it's opened in order to receive the reply
from the UDP port it's currently scanning.

James
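One way to test the explanation in the reply above on a Linux host (an added example, not part of the original thread): snapshot `/proc/net/udp` while idle and again during a scan, list the UDP ports that exist only during the scan, and map each socket inode to the PID holding it, which works where fuser is too slow for a short-lived port. The two snapshots are constructed samples whose ports mirror the first scan in the question, and the function names are hypothetical.

```python
import glob
import os
import socket

# Constructed /proc/net/udp snapshots (Linux format); ports mirror the first scan above.
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
IDLE = HEADER + (
    "   0: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201\n"
    "   1: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1188\n"
)
DURING_SCAN = IDLE + (
    "   2: 0100007F:C5FA 0100007F:006F 01 00000000:00000000 00:00000000 00000000     0        0 9917\n"
)


def parse_proc_net_udp(text):
    """Return {local_port: (local_ip, inode)} for each IPv4 UDP socket listed."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        ip_hex, port_hex = fields[1].split(":")
        # The kernel prints the address as a host-order word; reversing the bytes
        # assumes a little-endian machine (x86, most ARM).
        ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
        table[int(port_hex, 16)] = (ip, int(fields[9]))
    return table


def transient_ports(idle_text, scan_text):
    """Ports present only in the second snapshot, with their address and inode."""
    idle, scan = parse_proc_net_udp(idle_text), parse_proc_net_udp(scan_text)
    return {port: scan[port] for port in scan.keys() - idle.keys()}


def owner_pids(inode):
    """PIDs holding a descriptor for this socket inode (run as root to see all processes)."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd_path in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd_path) == target:
                pids.add(int(fd_path.split("/")[2]))
        except OSError:                          # process or descriptor went away
            continue
    return pids


if __name__ == "__main__":
    for port, (ip, inode) in transient_ports(IDLE, DURING_SCAN).items():
        print(f"{ip}:{port}/udp inode={inode} pids={owner_pids(inode) or 'none (constructed sample)'}")
```

On a live host, replace the two constants with reads of `/proc/net/udp` taken before and during the scan; if the owning PID is the scanner's, the changing port is its own socket.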



