Security Incidents mailing list archives
Re: UDP port 1025 Blackjack¿?
From: Guillaume Filion <gfk () LOGIDAC COM>
Date: Thu, 14 Sep 2000 09:32:37 -0400
At 11:59 +0200 12/09/00, Ballester, David wrote:
Hi: Anybody knows something about the 1025 port? I make a portscan using nmap 2.53 over some servers of one of my networks and I've encountered the port 1025 UDP prot. and the name 'blackjack' returned as the name service. Thanks in advance!
Here's my guess: You're using bind and you blocked UDP port 1-1024 with your firewall. If so, it's bind that uses the first open port (1024+1) to get a response from DNS servers. Check out with "netstat -tupan | grep 'named'" and if you see something like this, you'll know that this is the cause. tcp 0 0 192.168.0.3:53 0.0.0.0:* LISTEN 13413/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13413/named udp 0 0 0.0.0.0:1025 0.0.0.0:* 13413/named udp 0 0 192.168.0.3:53 0.0.0.0:* 13413/named udp 0 0 127.0.0.1:53 0.0.0.0:* 13413/named Hope this helps, GFK's -- http://logidac.com Guillaume Filion (GFK's) Logidac Technologies, Québec, Canada
Current thread:
- UDP port 1025 Blackjack¿? Ballester, David (Sep 12)
- Re: UDP port 1025 Blackjack¿? Ryan Russell (Sep 12)
- Re: UDP port 1025 Blackjack¿? Guillaume Filion (Sep 14)