Consider this:
$ sudo lsof -ni |grep named
named 3267 root 4u IPv4 512 UDP *:32770
named 3267 root 20u IPv4 508 UDP 127.0.0.1:domain
named 3267 root 21u IPv4 509 TCP 127.0.0.1:domain (LISTEN)
named 3267 root 22u IPv4 510 UDP 192.168.44.1:domain
named 3267 root 23u IPv4 511 TCP 192.168.44.1:domain (LISTEN)
$ netstat -an |grep 32770
udp 0 0 0.0.0.0:32770 0.0.0.0:*
$ md5sum /usr/sbin/named
efc9eca0b14ada08aed5d666991bb829 /usr/sbin/named
$ dpkg --status bind |grep ^Version
Version: 1:8.3.3-0.woody.1
Is the first open port reasonable? I wonder why named is listening on UDP
port 32770 which, after a brief Google search, comes up as a port usually
used by Solaris' rpcbind (which used to be vulnerable).
Restarting the named server, however, leads to a new port being open (in a
new socket):
$ sudo /etc/init.d/bind stop; sudo /etc/init.d/bind start
Stopping domain name service: named.
Starting domain name service: named.
[EMAIL PROTECTED]:~$ sudo lsof -ni |grep named |grep UDP
named 25788 root 4u IPv4 3732233 UDP *:32985
Any ideas on why there is a single UDP port open? My configuration is
pretty simple, no controls configured for the name server and a 'listen-on
port 53' statement in the config file....
Suggestions on why this happens and how to prevent it? Please do not tell
me to firewall the port, I know how to do that already.
Regards
Javi

