
#1 2007-08-04 16:54:37

evol
Member
From: Ireland
Registered: 2007-06-27
Posts: 53
Website

Random UDP ports opening

Hey all, another, possibly stupid question.

While doing an nmap udp sweep of my laptop I became aware of ports opening, seemingly randomly.

Example:

PORT      STATE         SERVICE
68/udp    open|filtered dhcpc
48375/udp open          unknown

A few seconds later I repeat the process and get:

PORT      STATE         SERVICE
68/udp    open|filtered dhcpc
63178/udp open          unknown

This continues on, the port number for the unknown service never stays the same for any length of time.

But if I do a netstat -auln, all I get is:
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
udp        0      0 0.0.0.0:68              0.0.0.0:*   

The seemingly random udp port openings aren't mentioned.

rkhunter & chkrootkit haven't found anything suspicious, which leads me to think that maybe this is a normal occurrence and has something to do with keeping the network connection alive. But I don't know.

Any ideas?


-//------------------/------>

Offline

#2 2007-08-04 17:06:52

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Random UDP ports opening

Does the port opening coincide with any dns traffic?
Run tcpdump on your interface and look for udp traffic. Correlate it to one of these ephemeral open ports.
I bet they match.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline
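
The correlation suggested in post #2, sketched as an added example (not code from any poster in this thread): it lines up the ports nmap reports as open with the local source ports of outbound DNS queries seen in `tcpdump -n` text output. The nmap rows reuse ports quoted in the thread; the tcpdump lines, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample input: nmap rows reuse the ports quoted in the thread;
# the tcpdump -n lines and addresses (RFC 5737 range) are made up.
NMAP_OUTPUT = """\
PORT      STATE         SERVICE
68/udp    open|filtered dhcpc
48375/udp open          unknown
"""
TCPDUMP_OUTPUT = """\
16:54:30.101 IP 192.0.2.10.48375 > 192.0.2.1.53: 4242+ A? example.org. (29)
16:54:30.133 IP 192.0.2.1.53 > 192.0.2.10.48375: 4242 1/0/0 A 192.0.2.80 (45)
16:54:31.007 IP 192.0.2.10.68 > 192.0.2.1.67: BOOTP/DHCP, Request, length 300
16:54:41.250 IP 192.0.2.10.63178 > 192.0.2.1.53: 4243+ A? example.net. (29)
"""

NMAP_ROW = re.compile(r"^(\d+)/udp\s+(\S+)\s+(\S+)", re.M)
FLOW = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+):", re.M)

def open_udp_ports(nmap_text):
    """Ports nmap reported as plainly 'open' (not 'open|filtered')."""
    return [int(p) for p, state, _ in NMAP_ROW.findall(nmap_text) if state == "open"]

def outbound_queries(tcpdump_text, local_ip, server_port=53):
    """Map local source port -> remote endpoint for queries sent to server_port."""
    flows = {}
    for src, sport, dst, dport in FLOW.findall(tcpdump_text):
        if src == local_ip and int(dport) == server_port:
            flows[int(sport)] = f"{dst}:{dport}"
    return flows

def correlate(nmap_text, tcpdump_text, local_ip):
    """For each open port, name the DNS flow using it, or None if unexplained."""
    flows = outbound_queries(tcpdump_text, local_ip)
    return {port: flows.get(port) for port in open_udp_ports(nmap_text)}

if __name__ == "__main__":
    for port, peer in correlate(NMAP_OUTPUT, TCPDUMP_OUTPUT, "192.0.2.10").items():
        print(port, "-> client socket talking to", peer if peer else "nothing captured")
```

A port that maps to `None` had no matching query in the capture window and is the one worth a closer look.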

#3 2007-08-06 09:07:28

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: Random UDP ports opening

Did you scan your localhost or did you scan from without your own home network/home computer?

If you're scanning localhost you'll also see ports opened by services listening on 127.0.0.1, which are not accessible from outside.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline
