From: David Credeur (dwcredeur@yahoo.com)
Date: Fri Nov 19 2004 - 14:03:59 EST
Hello all,
I completed a port scan using NESSUS on one of my systems yesterday, I managed to turn off some items in questions with the exception of the one listed below, I've found no information on them from other research that I completed thus far. I do know they belong to RPC family from what the scans show; and these particular programs change ports as needed from the reboots that I done. I'm needing to complete this report to justifiy the ports being used are close them. How is it possible to close something that moves from reboot to reboot? How is it possible to determine what application is using the port when the only thing listed is a program number where an app name is listed. Our security policy dictates all ports must be justified or closed but this is extremely difficult. The only additional application that runs on my server is Sybase, and I had it turned off for one scan and on for another scan but proved the same results.
Llisted below are the ones that I have not figured out yet.
port progam #
32819/tcp #1289637086 ver 5
32819/tcp #1289637086 ver 1
32820/tcp #400000 ver 1 after a reboot port number changes
705/tcp #400001 ver 1 after two reboots, I noticed this one changed to a different ports also
692/tcp
650/tcp
I also ran rpcinfo and below is what I found as an example:
rpc program 400001 1 tcp 0.0.0.0.2.138 - superuser
this line is pretty much over my head..
I've also ran netstat -a; and it showed them as "listening"
Is there anyway to detmine what the name of the app is, or is it possible to turn the ports off.
SYSTEM
SUN V480
2 x 3510 disk arrays
Solaris 8
patched to SUNos Generic 108528-25
Syabase 12.0.0.7 (was turned off during one scan and turned on during scan #2 to
determine if this is where the rogues were located) But had no effect.
Thanks
Dave
System Admin