Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] dienst blackjack?
  • From: John Ritchie <ritchiej@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 2 Dec 2000 06:53:24 -0800 (PST)
  • Message-id: <Pine.LNX.4.10.10012020642380.16023-100000@xxxxxxxxxxxxxxxxxxxxxxxxx>

Here's my translation:

"I'm in the process of hardening my system - thanks to this list I've
already found several screws to tighten ... but nmap shows me an unusual
service that's running that looks highly suspicious to me. What is
"blackjack" on port 1025/udp? Also suspicious is the unknown service on
port 1024/udp?"

Uli:

To identify what these services are you can try running lsof (as root) on
the system; it should be able to tell you which processes have these ports
open:

lsof -iUDP:1024 -iUDP:1025

man 8 lsof for more info.

Hope this helps,

John Ritchie


On Sat, 2 Dec 2000, U. Schneider wrote:

> Hello list!
>
> I'm currently sealing up my system - thanks to this list I've already
> found a few screws to turn ... but nmap shows me
> a strange service running that seems extremely suspicious to me.
> What exactly is blackjack on port 1025/udp?
> The unknown service on port 1024/udp also looks suspicious to me.
>
> Many thanks
> Regards
> Uli
>
> Here is what nmap reported:
>
> Starting nmap V. 2.53 by fyodor@xxxxxxxxxxxx ( www.insecure.org/nmap/ )
> Host localhost (127.0.0.1) appears to be up ... good.
> Initiating SYN half-open stealth scan against localhost (127.0.0.1)
> Adding TCP port 25 (state open).
> Adding TCP port 119 (state open).
> Adding TCP port 80 (state open).
> Adding TCP port 110 (state open).
> Adding TCP port 23 (state open).
> Adding TCP port 53 (state open).
> Adding TCP port 111 (state open).
> Adding TCP port 113 (state open).
> Adding TCP port 8080 (state open).
> Adding TCP port 139 (state open).
> The SYN scan took 3 seconds to scan 1541 ports.
> Initiating FIN,NULL, UDP, or Xmas stealth scan against localhost
> (127.0.0.1)
> The UDP or stealth FIN/NULL/XMAS scan took 10 seconds to scan 1541
> ports.
> For OSScan assuming that port 23 is open and port 1 is closed and
> neither are firewalled
> Interesting ports on localhost (127.0.0.1):
> (The 3063 ports scanned but not shown below are in state: closed)
> Port State Service
> 23/tcp open telnet
> 25/tcp open smtp
> 53/tcp open domain
> 53/udp open domain
> 67/udp open bootps
> 80/tcp open http
> 110/tcp open pop-3
> 111/tcp open sunrpc
> 111/udp open sunrpc
> 113/tcp open auth
> 119/tcp open nntp
> 137/udp open netbios-ns
> 138/udp open netbios-dgm
> 139/tcp open netbios-ssn
> 161/udp open snmp
> 1024/udp open unknown
> 1025/udp open blackjack
> 3130/udp open squid-ipc
> 8080/tcp open http-proxy
>
> TCP Sequence Prediction: Class=random positive increments
> Difficulty=6946651 (Good luck!)
>
> Sequence numbers: D21ADDF5 D21ADDF5 D15DB363 D15DB363 D24C7F62 D24C7F62
> Remote operating system guess: Linux 2.1.122 - 2.2.14
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 16 seconds
>
> ___________________________
> Disclaimer:
> The opinions expressed here are not those of my employer, my wife, my
> church, or myself...
> But they are the opinions of Elvis as revealed to me through the medium of
> my pet hamster, Lee Harvey Oswald...
>

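Added example, not part of either message above and not lsof's own code: on Linux the lookup that lsof performs for ports 1024/udp and 1025/udp can also be done directly from /proc, which is useful when lsof is not installed or its binary is not trusted. The sample socket table is constructed, and the function names udp_inodes and socket_owners are made up for this example.

```shell
#!/bin/sh
# Added example: map UDP ports to owning processes from /proc (Linux only).

# Constructed sample in /proc/net/udp format, not taken from the post.
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0400 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4711 2
   1: 0100007F:0401 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 4712 2
   2: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 4713 2'

# udp_inodes PORT...: read /proc/net/udp-format text on stdin and print
# "port uid inode" for every socket bound to one of the decimal PORTs.
udp_inodes() {
    want=" $* "
    while read -r sl laddr rem st txrx timer retr uid timeout inode rest; do
        case $sl in *:) ;; *) continue ;; esac    # skip the header line
        port=$((0x${laddr##*:}))                  # port is hex after the colon
        case $want in *" $port "*) echo "$port $uid $inode" ;; esac
    done
}

# socket_owners INODE: print "pid command line" for each process that has
# the socket open. Without root only the caller's own processes are visible;
# no output means no visible process holds the socket.
socket_owners() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        echo "$pid $(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
    done
}

# Live use, as root:  sh udp_owner.sh live 1024 1025
if [ "${1:-}" = live ] && [ -r /proc/net/udp ]; then
    shift
    udp_inodes "$@" < /proc/net/udp | while read -r port uid inode; do
        echo "udp/$port uid=$uid inode=$inode"
        socket_owners "$inode"
    done
fi
```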

