Security Incidents mailing list archives

Re: UDP port 1025 Blackjack¿?

From: Guillaume Filion <gfk () LOGIDAC COM>
Date: Thu, 14 Sep 2000 09:32:37 -0400

At 11:59 +0200 12/09/00, Ballester, David wrote:

Hi:
     Anybody knows something about the 1025 port? I make a portscan using
nmap 2.53 over some servers of one of my networks and
I've encountered the port 1025 UDP prot. and the name 'blackjack' returned
as the name service.

Thanks in advance!


Here's my guess: You're using bind and you blocked UDP port 1-1024
with your firewall.

If so, it's bind that uses the first open port (1024+1) to get a
response from DNS servers. Check out with "netstat -tupan | grep
'named'" and if you see something like this, you'll know that this is
the cause.
tcp        0      0 192.168.0.3:53          0.0.0.0:*
LISTEN      13413/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*
LISTEN      13413/named
udp        0      0 0.0.0.0:1025            0.0.0.0:*
13413/named
udp        0      0 192.168.0.3:53          0.0.0.0:*
13413/named
udp        0      0 127.0.0.1:53            0.0.0.0:*
13413/named

Hope this helps,
GFK's
--
http://logidac.com
Guillaume Filion (GFK's)
Logidac Technologies, Québec, Canada

Current thread:

UDP port 1025 Blackjack¿? Ballester, David (Sep 12)
- Re: UDP port 1025 Blackjack¿? Ryan Russell (Sep 12)
- Re: UDP port 1025 Blackjack¿? Guillaume Filion (Sep 14)