From owner-freebsd-security@FreeBSD.ORG Thu Nov 13 10:11:12 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8DCE016A4CE for ; Thu, 13 Nov 2003 10:11:12 -0800 (PST) Received: from cliff.cs.athabascau.ca (cliff.cs.athabascau.ca [131.232.10.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1EF843FEC for ; Thu, 13 Nov 2003 10:11:11 -0800 (PST) (envelope-from dmitry@athabascau.ca) Received: from CONVERSION-DAEMON.local.athabascau.ca by local.athabascau.ca (PMDF V6.1-1 #30658) id <0HOA00B01YINVJ@local.athabascau.ca> for freebsd-security@freebsd.org; Thu, 13 Nov 2003 11:11:11 -0700 (MST) Received: from cs36.pc.athabascau.ca ([131.232.4.81]) by local.athabascau.ca (PMDF V6.1-1 #30658) with ESMTPS id <0HOA00IMXYIL2X@local.athabascau.ca> for freebsd-security@freebsd.org; Thu, 13 Nov 2003 11:11:11 -0700 (MST) Date: Thu, 13 Nov 2003 11:12:10 -0700 From: "Dmitry S. Makovey" To: freebsd-security@freebsd.org Message-id: <200311131112.18246.dmitry@athabascau.ca> Organization: Athabasca Open University MIME-version: 1.0 Content-type: Text/Plain; charset=koi8-r Content-transfer-encoding: QUOTED-PRINTABLE Content-disposition: inline Content-description: clearsigned data User-Agent: KMail/1.5.4 Subject: What could be on udp:48152 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Nov 2003 18:11:12 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm running stock FreeBSD with services running: samba (connectio= ns=20 allowed only from local network), lpd (same), bind (all interfaces), = apache=20 (all), zope (local) This machine is home gateway/http/printserver. Recently some strange things happened as my printer all of sudden sta= rted to=20 print stuff when nobody prints... luckily (or unluckily) it ran out o= f ink so=20 I can't tell what's printed. Checked programs running, ports opened a= nd found=20 one unidentified: udp4 0 0 *.49152 *.* dimon@gateway ~ > sockstat | grep 49152 bind named 270 4 udp4 *:49152 *:* Now', is there any reason for bind to use this port? Googling for that subject didn't bring any results other than usualy = this port=20 is first available for dynamic ports. Which doesn't make sence to me. System: FreeBSD 5.1 - --=20 Dmitry Makovey Web Systems Administrator Athabasca University (780) 675-6245 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/s8mAyDrVuGfS98QRAlo6AJ9Miz8bbYjkldiTvSGOd+LfwY/3CACcCQAj eNMb97scSLfQDvoHE6nx+L8=3D =3Dp4RL -----END PGP SIGNATURE-----