Hi, On Wednesday 18 July 2001 20:18, Timon Schroeter wrote:
All machines are completely accessible from the outside (no firewall) at all times.
Under these conditions, is "32770/tcp open sometimes-rpc3" something to worry about?
If you don't know which program is listening on this port, it sure is something to worry about. Hmm, this has been answered so many times before, but it's still not in the FAQ. (a) To identify the process binding to this port, issue this command (as root) # lsof -i tcp:32770 You could also use # netstat -anpt | grep 32770
How can I disable it?
Don't run the process identified in (a) or, if this isn't possible, use a firewall to block the port.
I tried (among other things) deinstalling the package n portmapper, but this made no difference.
Names of high ports (> 1023) do not mean much, as any process can open these unprivileged ports. netstat only takes the names listed in /etc/services to do a rough translation, but it has no built-in AI capability. Btw. in my /etc/services file port 32770 is called filenet-nch, so this should prove that the name doesn't really mean anything. I would also suggest to scan your box from a different machine using nmap. If it shows an open remote port which netstat does not see locally THEN you have a much bigger problem.
Timon
Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster E-Mail (work): lewelin@uni-muenster.de