Port 6000

Port 6000

Post by Allen Won » Thu, 06 Jan 2000 04:00:00



I am running FreeBSD 3.3 on my internet gateway.  I'd like to close
all the ports except for 22, SSH.  Whenever I run nmap on the FreeBSD
machine, it reports that port 22 and port 6000 are open:

Starting nmap V. 2.3BETA5 by Fyodor
Interesting ports on Ettin.toxicwaste.com (192.168.0.5):
Port    State       Protocol  Service
22      open        tcp       ssh
6000    filtered    tcp      
X11                                              

lsof disagrees and reports this:

COMMAND PID USER   FD   TYPE     DEVICE SIZE/OFF   NODE NAME
natd    109 root    3u  inet 0xc31b2f60      0t0 DIVERT *:8668
natd    109 root    5u  inet 0xc31c3f60      0t0   ICMP *:*
syslogd 141 root    4u  inet 0xc3173f60      0t0    UDP
*:syslog                

What's going on?!  I haven't even installed X-Windows!  Thanks.

Allen

 
 
 

Port 6000

Post by Tony Voe » Fri, 07 Jan 2000 04:00:00



> I am running FreeBSD 3.3 on my internet gateway.  I'd like to close
> all the ports except for 22, SSH.  Whenever I run nmap on the FreeBSD
> machine, it reports that port 22 and port 6000 are open:

> Starting nmap V. 2.3BETA5 by Fyodor
> Interesting ports on Ettin.toxicwaste.com (192.168.0.5):
> Port    State       Protocol  Service
> 22      open        tcp       ssh
> 6000    filtered    tcp       X11

Where do you read that port 6000 is open?

tv

 
 
 

Port 6000

Post by Allen Won » Fri, 07 Jan 2000 04:00:00




> > I am running FreeBSD 3.3 on my internet gateway.  I'd like to close
> > all the ports except for 22, SSH.  Whenever I run nmap on the FreeBSD
> > machine, it reports that port 22 and port 6000 are open:

> > Starting nmap V. 2.3BETA5 by Fyodor
> > Interesting ports on Ettin.toxicwaste.com (192.168.0.5):
> > Port    State       Protocol  Service
> > 22      open        tcp       ssh
> > 6000    filtered    tcp       X11

> Where do you read that port 6000 is open?

Well, okay, it's not open, but filtered.  But what could be using that
port?  I don't have X installed!  And since, lsof reports differently, I
don't know which to believe.  Thanks for the clarification.

Allen

 
 
 

Port 6000

Post by Tim » Fri, 07 Jan 2000 04:00:00





>> > I am running FreeBSD 3.3 on my internet gateway.  I'd like to close
>> > all the ports except for 22, SSH.  Whenever I run nmap on the FreeBSD
>> > machine, it reports that port 22 and port 6000 are open:

>> > Starting nmap V. 2.3BETA5 by Fyodor
>> > Interesting ports on Ettin.toxicwaste.com (192.168.0.5):
>> > Port    State       Protocol  Service
>> > 22      open        tcp       ssh
>> > 6000    filtered    tcp       X11

>> Where do you read that port 6000 is open?

>Well, okay, it's not open, but filtered.  But what could be using that
>port?  I don't have X installed!  And since, lsof reports differently, I
>don't know which to believe.  Thanks for the clarification.

>Allen

Allen,

You are really, really, confused.  Go outside and take a walk to clear your
head.  Then when you come back and look at the problem you might see it in a
new light.

One of your problems is with words and what they mean.  You begin by stating
that open and filtered are equivalent but now having retracted that you are
now saying that filtered is the same as listening.  Open, filtered, and
listening have different meanings and you really need to understand the
differences.

Go back to whatever books you are using to build your firewall and read them
again.  The man pages for nmap might also provide you with a definition of
what the author means by "filtered".

If you want to know if X is running on your FreeBSD box then why not try
using ps -ax, or even better, netstat -na | grep LISTEN and look at the
output???  nmap and lsof were not really created to notify you which
programs were running on your host.  You are using a screwdriver to hammer
nails.

 
 
 

Port 6000

Post by Allen Won » Fri, 07 Jan 2000 04:00:00



> again.  The man pages for nmap might also provide you with a definition of
> what the author means by "filtered".

Oops!  (Dying from embarrassment!)

Allen

 
 
 

Port 6000

Post by loop » Fri, 07 Jan 2000 04:00:00




> > I am running FreeBSD 3.3 on my internet gateway.  I'd like to close
> > all the ports except for 22, SSH.  Whenever I run nmap on the FreeBSD
> > machine, it reports that port 22 and port 6000 are open:

> > Starting nmap V. 2.3BETA5 by Fyodor
> > Interesting ports on Ettin.toxicwaste.com (192.168.0.5):
> > Port    State       Protocol  Service
> > 22      open        tcp       ssh
> > 6000    filtered    tcp       X11

> Where do you read that port 6000 is open?

> tv

Filtered is bad enough. If they see no sign of it being there, they
won't prolly try either. Are you using ipf? Check ipf(4) or ipf(5), and
learn the return-rst action.
--
I'm back again, this time Microsoft-free... Solaris kicks ass!!
l00p at beer / 44801625
 
 
 

1. Port 6000 Process

Does anybody know a process that uses Port 6000, I was writing an app that
used that port and I could never get it, I tried telneting to it and I
connect but that was about it.  I'm running RedHat 6.0.  I looked in the
services file but there was nothing listed for that port.  I even tried to
reboot in case a previous process somehow didn't release it but it was
there when I rebooted which leads me to believe that its some sort of
system process, however my 2.0.36 machine has that port open.  Its not
that important since I can use any other port, Its just a little
disconcerning knowing that there is an app running on that port and I have
no idea what it is.

Thanks in advance
matt

Matthew Carl Schumaker
UPAC Lights Administrative Chairperson

veni, vedi, velcro
I came, I saw, I stuck around

2. WANTED: SLIP Guru

3. port 6000 unintentionally open

4. SCSI Card

5. X-server listen port 6000

6. communicator install help

7. closing port 6000

8. pktgen and VLAN frames

9. XFree 3.1.1 grabs port 6000? why?

10. Ports 6000 and 8000

11. How To prevent port 6000 at Unix

12. port 6000 on AIX

13. disabling port 6000 and 1024