On Wed, 14 Jul 2010 21:47:57 +0200 pch0317 <pch0...@gmail.com> wrote:
> Hi :)
>
> I install new server with Debian stable (base system only with ssh
> and bind).
> I scan port with:
> nmap -sS -sU -T4 -A -v -PE newserver
> and get that few port with number 40000 and higher are
> open|filtered. When I scan newserver again I get other few udp port
> open (different number of port).
>
> When I use lsof -i or netstat in this newserver I get only named
> and sshd work in 22 and 53 TCP and UDP port and exim work on
> localhost 25 port. No high open udp port are discovered.
>
> Why nmap show this temporarily open high port.
> What can I do?

First, you can stop using nmap to do what you can do with

netstat -A inet -a

There is, after all, no need to port scan your own computer when you
can just ask it what it is doing. The ports might only be open for a
moment, but nmap has no special ability to catch such things.

Second, named is doubtless opening ports here and there to send out
and get replies to recursive queries. You could, of course, stop
having DNS service if this bothers you, though I wouldn't recommend
it. Other apps on your machine may also be opening UDP ports here and
there -- just lsof repeatedly to catch them.

-- 
Perry E. Metzger pe...@piermont.com
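
The "lsof repeatedly" advice from the reply, written out as a script. This is an added example, not part of the original thread; the function names, the constructed sample lsof output and the 1024 port threshold are assumptions.

```shell
#!/bin/sh
# Added example: attribute short-lived UDP sockets to the process that owns them.

# Constructed sample of `lsof -nP -iUDP` output (documentation addresses only).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   1234 bind  512u  IPv4  11223      0t0  UDP 192.0.2.10:53
named   1234 bind  513u  IPv4  11299      0t0  UDP 192.0.2.10:41873->198.51.100.7:53
named   1234 bind  514u  IPv6  11301      0t0  UDP [2001:db8::10]:52044
dhclient 801 root    6u  IPv4   9001      0t0  UDP *:68
EOF
}

# Read lsof output on stdin and print "command pid port" for every UDP socket
# whose local port is >= $1 (default 1024, i.e. above the well-known range).
udp_owners() {
    awk -v min="${1:-1024}" '$8 == "UDP" {
        split($9, ends, "->")            # connected sockets show local->remote
        n = split(ends[1], parts, ":")   # port follows the last colon (IPv6-safe)
        port = parts[n] + 0
        if (port >= min) print $1, $2, port
    }' | sort -u
}

# Poll lsof $1 times, $2 seconds apart, then list each owner/port seen once.
# Run as root so lsof can see sockets owned by other users.
watch_udp() {
    i=0
    while [ "$i" -lt "${1:-60}" ]; do
        lsof -nP -iUDP 2>/dev/null | udp_owners "${3:-1024}"
        sleep "${2:-1}"
        i=$((i + 1))
    done | sort -u
}

# "watch [rounds] [delay] [min_port]" starts polling; otherwise only define functions.
case "${1:-}" in
    watch) shift; watch_udp "$@" ;;
esac
```

Started with the `watch` argument on the server while the scan is running, it lists which process held each high UDP port; sockets that live for less than the polling interval can still be missed.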