32770/tcp open sometimes-rpc3
Hi, System: SuSE7.2, Default, KDE2, Developer packages. I will shortly connect my desktop machine to a lan with aproximatly 200 Machines on it, each with a public IP and router connecting the lan with the internet. All machines are completely accessible from the outside (no firewall) at all times. Under these conditions, is "32770/tcp open sometimes-rpc3" something to worry about? How can I disable it? I tried (among other things) deinstalling the package n portmapper, but this made no difference. Timon -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net GMX Tipp: Machen Sie Ihr Hobby zu Geld bei unserem Partner 1&1! http://profiseller.de/info/index.php3?ac=OM.PS.PS003K00596T0409a
Hi, On Wednesday 18 July 2001 20:18, Timon Schroeter wrote:
All machines are completely accessible from the outside (no firewall) at all times.
Under these conditions, is "32770/tcp open sometimes-rpc3" something to worry about?
If you don't know which program is listening on this port, it sure is something to worry about. Hmm, this has been answered so many times before, but it's still not in the FAQ. (a) To identify the process binding to this port, issue this command (as root) # lsof -i tcp:32770 You could also use # netstat -anpt | grep 32770
How can I disable it?
Don't run the process identified in (a) or, if this isn't possible, use a firewall to block the port.
I tried (among other things) deinstalling the package n portmapper, but this made no difference.
Names of high ports (> 1023) do not mean much, as any process can open these unprivileged ports. netstat only takes the names listed in /etc/services to do a rough translation, but it has no built-in AI capability. Btw. in my /etc/services file port 32770 is called filenet-nch, so this should prove that the name doesn't really mean anything. I would also suggest to scan your box from a different machine using nmap. If it shows an open remote port which netstat does not see locally THEN you have a much bigger problem.
Timon
Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster E-Mail (work): lewelin@uni-muenster.de
participants (2)
-
Martin Leweling
-
Timon Schroeter