Firewall Wizards mailing list archives

Port 37628... Is it just another port or out of the extraordinary???


From: InHisGrip <servie_platon () yahoo com>
Date: Wed, 21 Jul 2004 16:52:51 -0700 (PDT)


Hi everyone,

I have set up an Apache web server in my small home
network and have configured this web server by
enabling port forwarding for web requests and
redirection using a non-standard port other than port
80. I have also used my DNS registrar/provider, in
particular dyndns.org, to do the job of custom DNS and
redirecting web traffic on my host
machine.

My question is related to security/firewall and in
particular with Linux ports being compromised. Based
on the information below, can anyone please let me
know if the information I have attached, based on open
ports or listening ports in the output, will somehow
compromise my small home network or the Linux web
server box I have just set up?

Oh, by the way, I just wanted to make sure, because I
have placed the web server in a DMZ port and zone
from my Linksys router, and I think, but am not sure, that
I am being shielded and protected at least? Likewise, I
have enabled advanced firewall protection on my
Linksys router. Am I just paranoid, or is there
something to get alarmed about, especially on port 37628,
which has a LISTEN state on all interfaces or on the
Internet?

Here is a copy of my netstat -an output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:32769         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8090            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.77:8090       203.218.54.165:4061     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4060     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4063     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4059     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4073     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4072     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4074     TIME_WAIT
udp        0      0 0.0.0.0:32768           0.0.0.0:*
udp        0      0 0.0.0.0:750             0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  10     [ ]         DGRAM                    900    /dev/log
unix  2      [ ]         DGRAM                    1464
unix  2      [ ]         DGRAM                    1402
unix  2      [ ]         DGRAM                    1384
unix  2      [ ]         DGRAM                    1370
unix  2      [ ]         DGRAM                    1324
unix  2      [ ]         DGRAM                    1050
unix  2      [ ]         DGRAM                    966
unix  2      [ ]         DGRAM                    908

I am asking this question because the URL below
mentions a trojan on his system, and this could
also be happening to mine. Is this a security threat
both on UDP and TCP ports 32768 among others?

http://www.linuxquestions.org/questions/archive/4/2002/01/2/11641

Any tips or thoughts on how to eliminate this threat
would be highly appreciated. Thanks in advance.

Regards,
Servie
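
Added example, not part of the original post: a small Python triage of `netstat -an` output like the listing above, which rejoins mail-wrapped lines and reports which TCP/UDP sockets accept traffic and whether they are bound to all interfaces or only to loopback. The function names `parse` and `listeners` are hypothetical, and the sample is a subset of the lines in the post.

```python
import ipaddress
import re

# Subset of the netstat -an lines from the post, wrapped as the mail client left them.
SAMPLE = """\
tcp        0      0 0.0.0.0:32768           0.0.0.0:*
             LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*
             LISTEN
tcp        0      0 0.0.0.0:8090            0.0.0.0:*
             LISTEN
tcp        0      0 192.168.1.77:8090
203.218.54.165:4061     TIME_WAIT
udp        0      0 0.0.0.0:750             0.0.0.0:*
Active UNIX domain sockets (servers and established)
unix  10     [ ]         DGRAM                    900
  /dev/log
"""

def parse(text):
    """Rebuild one field list per tcp/udp socket, joining wrapped lines."""
    records, cur = [], None
    for line in text.splitlines():
        if re.match(r"(tcp|udp)6?\s", line):
            cur = line.split()
            records.append(cur)
        elif re.match(r"(Active|Proto|unix)\b", line):
            cur = None  # header or UNIX-socket section, not an IP socket
        elif cur is not None:
            cur.extend(line.split())  # continuation of a wrapped record
    return records

def listeners(records):
    """Return sorted (proto, port, scope) for sockets that accept traffic."""
    found = set()
    for rec in records:
        if len(rec) < 5:
            continue
        proto, local = rec[0], rec[3]
        state = rec[5] if len(rec) > 5 else ""
        # TCP accepts connections only in LISTEN; an unconnected UDP socket shows no state.
        if state != ("LISTEN" if proto.startswith("tcp") else ""):
            continue
        addr, _, port = local.rpartition(":")
        ip = ipaddress.ip_address(addr)
        scope = ("all interfaces" if ip.is_unspecified
                 else "loopback only" if ip.is_loopback else "one interface")
        found.add((proto, int(port), scope))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, scope in listeners(parse(SAMPLE)):
        print(f"{proto}/{port}: {scope}")
```

The bind address shows only where a socket is reachable from, not which program opened it; running `netstat -anp` or `lsof -i` as root on the host adds the owning process for each listener.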




                