kachaffeous Tux's lil' helper
Joined: 07 Jun 2002 Posts: 86
|
Posted: Sat Jan 31, 2004 6:11 am Post subject: Ports 32768 and 798 open |
|
|
Hi all,
I really haven't been worried about security since I'm on dialup. At the end of the
month I will be moving to an area with cable access. Since I will always be online now,
I wanted to get the security tools to make sure my box is fine. I emerged nmap, nessus,
chkrootkit, snort, ethereal and tcpdump.
Anyway, chkrootkit came back clean, which is good. The nmap scan came back
with ports 798/tcp unknown and 32768/tcp unknown. Is this normal? I did a bit of
googling and it seems that maybe 32768 is for named? Anyone know for sure if these
ports are harmless?
Thanks for the info. Any security tips are welcome also.
|
tphamm Tux's lil' helper
Joined: 01 Jun 2003 Posts: 112 Location: Saskatoon, SK, CA
|
Posted: Sat Jan 31, 2004 9:28 am Post subject: |
|
|
I'm not sure about port 798, but on the machines I work with, port 32768 is usually used by the rpc.statd server. Try running the command 'netstat -natp' on your computer. It should show the PID and (possibly) the name of the process that is listening on that port.
As for security tips, an iptables firewall is usually a good thing to have for boxes that are always online. The Gentoo Linux Security Guide will provide some information on this and other security issues. However, the best way to secure your host (other than snipping the cat 5 cable) is to not open those network ports to the world. In other words, don't start up a service if you're never going to use it. If you do need to run a daemon which needs to listen on a network port (like cupsd for printing), configure it to listen only on the local and internal interfaces whenever possible.
_________________
"This is a UNIX system! I know this!" -- little girl from dinosaur park
|
kachaffeous Tux's lil' helper
Joined: 07 Jun 2002 Posts: 86
|
Posted: Sun Feb 01, 2004 2:49 am Post subject: |
|
|
Thanks for the tip. 32768 was listed as rpc.statd, and it looks like the other one was
rpc.mountd. Thanks for the help.
|
fragbert Tux's lil' helper
Joined: 18 Apr 2003 Posts: 75 Location: Dallas, TX
|
Posted: Sun Feb 01, 2004 11:28 pm Post subject: |
|
|
You can also 'emerge sys-apps/lsof' (ls Open Files) and then use
to see what programs and libraries are using which ports.
GL,
Michael