From owner-freebsd-security@FreeBSD.ORG  Mon Aug  9 06:21:19 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0683416A4CE
	for <freebsd-security@freebsd.org>;
	Mon,  9 Aug 2004 06:21:19 +0000 (GMT)
Received: from smtp2.eunet.yu (smtp2.eunet.yu [194.247.192.242])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C558743D45
	for <freebsd-security@freebsd.org>;
	Mon,  9 Aug 2004 06:21:17 +0000 (GMT)	(envelope-from kolicz@eunet.yu)
Received: from smtp2.EUnet.yu (root@localhost)
	by smtp2.eunet.yu (8.12.10/8.12.10) with SMTP id i796LGaD032567
	for <freebsd-security@freebsd.org>; Mon, 9 Aug 2004 08:21:16 +0200
Received: from kolic.net (P-2.102.EUnet.yu [213.240.2.102])
	by smtp2.eunet.yu (8.12.10/8.12.10) with ESMTP id i796LEls032262;
	Mon, 9 Aug 2004 08:21:15 +0200
Received: by kolic.net (Postfix, from userid 1001)
	id C922B4148; Mon,  9 Aug 2004 08:18:18 +0200 (CEST)
Date: Mon, 9 Aug 2004 08:18:18 +0200
From: Zoran Kolic <kolicz@eunet.yu>
To: larry price <laprice@gmail.com>
Message-ID: <20040809061818.GA634@kolic.net>
References: <20040808053526.GA652@kolic.net>
	<a992d1e5040808111970de2d93@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <a992d1e5040808111970de2d93@mail.gmail.com>
cc: freebsd-security@freebsd.org
Subject: Re: about nmap
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2004 06:21:19 -0000

Thanx all for reply.

> Got BIND running? BIND usually likes to have a random TCP port bound. Mine
> seems to be inclined to hang around in the 3xxx range, though.

No, I don't have it.

> nmap itself?

Why only in userland? X? Could be my old and
cheap comp. BTW, 3.48.

> what does sockstat -p <portnumber> tell you?

port 25 (ipfw2 dynamic rules)
port 2628 dictd (server for dictionaries)
port 514 syslogd in udp (no rule to access
from outside)

> Ftp perhaps?

No, just a workstation.

When I find something open and check
it again, it is closed. And... cannot
close "syslogd" for report issues. Is
it what everyone have open on udp 514?
Nothing suspected in conf.

Best regards.

                ZK