HELP! Mysterious socket 843/tcp listening on CURRENT system
Kimmo Paasiala
kpaasial at gmail.com
Tue Sep 15 07:21:22 UTC 2015
On Tue, Sep 15, 2015 at 10:06 AM, O. Hartmann
<ohartman at zedat.fu-berlin.de> wrote:
> Hopefully, I'm right on this list. if not, please forward.
>
> Running CURRENT as of FreeBSD 11.0-CURRENT #3 r287780: Mon Sep 14 13:34:16
> CEST 2015 amd64, I check via nmap for open sockets since I had trouble
> protecting a server with IPFW and NAT.
>
> I see a service (nmap)
>
> Host is up (0.041s latency).
> Not shown: 998 filtered ports
> PORT STATE SERVICE
> 843/tcp open unknown
>
> and via sockstat -l -p 843, I get this:
> ? ? ? ? tcp4 *:843 *:*
>
> I double checked all services on the server and i can not figure out what
> daemon or service is using this port. The port is exposed throught NAT (I use
> in-kernel NAT on that system).
> This service is accessible via telnet host-ip 843:
>
> Trying 85.179.165.184...
> Connected to xxx.xxx.xxx.xxx.
> Escape character is '^]'.
>
>
> Well, I feel pants-down right now since it seems very hard to find out what
> service is keeping this socket open for communications to the outside world.
>
> Anyone any suggestions?
>
> Thanks in advance,
> Oliver
As delphij@ noted it's most likely something that uses rpcbind(3). Why
are your filter rules allowing unknown ports to be open to the
internet? Don't you have a default deny policy in place?
More information about the freebsd-net
mailing list