ports 1022 and 1023


Post by Fred Medic » Thu, 19 Nov 1998 04:00:00



I'm working on closing ports on some FreeBSD machines. On a good number
of these machines I've been surprised to find that my port scanner tells
me ports 1022 and 1023 are open for tcp.

I've looked at a few different assigned port number pages but haven't
been able to find documentation on these ports.

Does anybody know 1) what these ports are used for and 2) how to close
them?

Thanks,

Fred

 
 
 


Post by Barry Margoli » Fri, 20 Nov 1998 04:00:00



>I'm working on closing ports on some FreeBSD machines. On a good number
>of these machines I've been surprised to find that my port scanner tells
>me ports 1022 and 1023 are open for tcp.

>I've looked at a few different assigned port number pages but haven't
>been able to find documentation on these ports.

>Does anybody know 1) what these ports are used for and 2) how to close
>them?

They may be used by RPC-based services that want to use a privileged
port.  Do they show up in "rpcinfo -p"?

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Don't bother cc'ing followups to me.

 
 
 


Post by Fred Medic » Fri, 20 Nov 1998 04:00:00


No, they don't show up. Hm.

>> They may be used by RPC-based services that want to use a privileged
>> port.  Do they show up in "rpcinfo -p"?


> >I'm working on closing ports on some FreeBSD machines. On a good number
> >of these machines I've been surprised to find that my port scanner tells
> >me ports 1022 and 1023 are open for tcp.

> >I've looked at a few different assigned port number pages but haven't
> >been able to find documentation on these ports.

> >Does anybody know 1) what these ports are used for and 2) how to close
> >them?

> They may be used by RPC-based services that want to use a privileged
> port.  Do they show up in "rpcinfo -p"?

> --

> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Don't bother cc'ing followups to me.

--

Fred Medick

http://www.xoom.com

 
 
 


Post by Neil Ricke » Fri, 20 Nov 1998 04:00:00



>I'm working on closing ports on some FreeBSD machines. On a good number
>of these machines I've been surprised to find that my port scanner tells
>me ports 1022 and 1023 are open for tcp.

If anybody is running 'rlogin' or 'rdist' or 'rsh' or 'rcp' commands
this is expected.  These and a few other commands require reserved
ports, and the system assigns them from 1023 counting down.
 
 
 


Post by e.. » Sat, 21 Nov 1998 04:00:00



> If anybody is running 'rlogin' or 'rdist' or 'rsh' or 'rcp' commands
> this is expected.  These and a few other commands require reserved
> ports, and the system assigns them from 1023 counting down.

Yes, but not accepting ports (which a portscanner detects).

You can see the owner of an open port with "fuser -vn tcp 1023" or
"lsof -i tcp:1023"

Greetings
Bernd

 
 
 


Post by Barry Margoli » Sat, 21 Nov 1998 04:00:00




>> If anybody is running 'rlogin' or 'rdist' or 'rsh' or 'rcp' commands
>> this is expected.  These and a few other commands require reserved
>> ports, and the system assigns them from 1023 counting down.

>Yes, but not accepting ports (which a portscanner detects).

Actually, rsh *does* accept connections on those ports.  Rsh uses a second
connection for stderr.  The client listens on a port and sends this port
number to the server.  Rdist and rcp are based on the rsh protocol, so they
inherit this feature.  Rlogin probably shouldn't have been included in the
list.

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Don't bother cc'ing followups to me.

 
 
 


Post by e.. » Wed, 25 Nov 1998 04:00:00



> Actually, rsh *does* accept connections on those ports.

Are we talking about the BSD shell/exec Daemons running on 512/514?

> connection for stderr.  The client listens on a port and sends this port
> number to the server.

Ah right, but the listening (on the client) only happens while someone just
launched a rsh call.

Greetings
Bernd
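
The behaviour discussed in this thread, as an added example that is not part of any post: a simplified model of reserved-port allocation counting down from 1023, the stderr port number an rsh client sends first, and what a connect scan sees while the client-side listener exists and after it is gone. The helper names, the loopback host and the unprivileged port range in the demo are assumptions made so it runs without root.

```python
import errno
import socket

HOST = "127.0.0.1"  # loopback only; the demo never leaves the machine

def bind_counting_down(start=1023, floor=512):
    """Listen on the first free port at or below start (simplified rresvport-style search)."""
    for port in range(start, floor - 1, -1):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((HOST, port))
        except OSError as e:
            s.close()
            if e.errno == errno.EADDRINUSE:
                continue  # taken, try the next lower port
            raise  # e.g. EACCES: ports below 1024 need root
        s.listen(1)
        return s, port
    raise OSError(errno.EAGAIN, "no free port in range")

def rsh_preamble(stderr_port, locuser, remuser, command):
    """NUL-terminated fields an rsh client sends first; field 1 is the stderr port."""
    fields = (str(stderr_port), locuser, remuser, command)
    return b"".join(f.encode() + b"\0" for f in fields)

def parse_preamble(data):
    """Server-side view of the same bytes."""
    port, locuser, remuser, command = data.split(b"\0")[:4]
    return int(port), locuser.decode(), remuser.decode(), command.decode()

def scan_sees_open(port):
    """What a TCP connect scan reports for this port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.settimeout(1)
        return probe.connect_ex((HOST, port)) == 0

def demo(start=1023, floor=512):
    """Two rsh-style listeners held at once, then released."""
    a, port_a = bind_counting_down(start, floor)
    b, port_b = bind_counting_down(start, floor)
    during = (scan_sees_open(port_a), scan_sees_open(port_b))
    a.close()
    b.close()
    after = (scan_sees_open(port_a), scan_sees_open(port_b))
    return (port_a, port_b), during, after

if __name__ == "__main__":
    # Constructed unprivileged range so this runs without root.
    print(demo(start=41023, floor=41000))
```

With the defaults (1023 down to 512) the script needs root, and the two listeners land on the highest free reserved ports.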