You are not logged in.

#1 2007-08-04 16:54:37

evol
Member
From: Ireland
Registered: 2007-06-27
Posts: 53
Website

Random UDP ports opening

Hey all, another, possibly stupid question.

While doing an nmap udp sweep of my laptop I became aware of a ports opening, seemingly randomly.

Example:

PORT      STATE         SERVICE
68/udp    open|filtered dhcpc
48375/udp open          unknown

a few seconds later I repeat the process and get:

PORT      STATE         SERVICE
68/udp    open|filtered dhcpc
63178/udp open          unknown

This continues on, the port number for the unknown service never stays the same for any length of time.

But if I do a netstat -auln, all i get is :
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
udp        0      0 0.0.0.0:68              0.0.0.0:*   

The seemingly random udp port openings aren't mentioned.

rkhunter & chkrootkit haven't found anything suspicious, which leads me to think that maybe this is a normal occurance and has something to do with keeping the network connection alive. But I don't know.

Any ideas?


-//------------------/------>

Offline

#2 2007-08-04 17:06:52

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: Random UDP ports opening

Does the port opening coincide with any dns draffic?
Run tcpdump on your interface and look for udp traffic. Correlate it to one of these ephemeral open ports.
I bet they match.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#3 2007-08-06 09:07:28

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819

Re: Random UDP ports opening

Did you scan your localhost or did you scan from without your own home network/home computer?

If you're scanning localhost you'll also see ports opened by services listening on 127.0.0.1, which are not accessible from outside.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

Board footer

Powered by FluxBB