abishai 2017-03-03 16:55:54
guys
abishai 2017-03-03 16:56:20
I just nmaped my server, and there are over a dozen open/filtered UDP ports open
abishai 2017-03-03 16:56:57
what's up with that, I know I'm not running any services up there
psychoticwarrior 2017-03-03 16:57:30
what services?
Shadow_7 2017-03-03 16:57:45
dns is port 53 and udp
psychoticwarrior 2017-03-03 16:57:51
yes it is
bibble 2017-03-03 16:58:00
tru dat
abishai 2017-03-03 16:58:02
udp 19722, 20742, 34862.. just some of them
Shadow_7 2017-03-03 16:58:22
abishai: what does netstat say on the machine you scanned?
abishai 2017-03-03 16:59:06
netstat -tulpn shows only 2 ports open, sshd and httpd, as it should
abishai 2017-03-03 16:59:59
but those high UDP ports listening are weird, nmap can't find a service, reports 'unknown'
jsw_ 2017-03-03 17:00:09
Did you scan loopback, or one of your eth interfaces?
abishai 2017-03-03 17:00:40
I nmap from my home PC to my server
abishai 2017-03-03 17:01:13
have you tried nmaping your boxes?
jsw_ 2017-03-03 17:01:17
There may be something (modem? consumer firewall?) that has those ports open in between your pc and server?
jsw_ 2017-03-03 17:01:43
No, sorry, wrong direction. That's not it.
abishai 2017-03-03 17:01:52
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)"
abishai 2017-03-03 17:01:56
try this
abishai 2017-03-03 17:02:15
(script is included in windows gui version of nmap)
Shadow_7 2017-03-03 17:02:28
is X running on said machine?
Shadow_7 2017-03-03 17:02:44
xauth list
abishai 2017-03-03 17:02:45
noway, it's a web server
jsw_ 2017-03-03 17:03:04
Use telnet to connect on those ports. What banner do you get?
abishai 2017-03-03 17:04:28
nothing. 'Connection Refused'
jsw_ 2017-03-03 17:05:14
... Then nmap or the script is lying to you I would think.
abishai 2017-03-03 17:05:14
could be some systemd sockets with no services behind
psychoticwarrior 2017-03-03 17:07:49
udev is a bitch. it should always be disabled
psychoticwarrior 2017-03-03 17:07:56
froze my machine
bibble 2017-03-03 17:09:02
think systemd ntp is on high/random udp port
abishai 2017-03-03 17:09:31
if anyone wants to test his box, share your results, Im curious
abishai 2017-03-03 17:10:15
let's make happy safe boxes :)
jsw_ 2017-03-03 17:11:11
@abishai, I think you'll need to chase down the inconsistency between the telnet test and your nmap tests before you get any further
abishai 2017-03-03 17:11:42
probably true
abishai 2017-03-03 17:11:48
will look into it
jsw_ 2017-03-03 17:12:30
Oh - duh. The difference is TCP vs UDP.
Shadow_7 2017-03-03 17:12:36
does udev even need to run after boot? The /dev/ devices should be created at that point. Baring device hot plugging.
abishai 2017-03-03 17:14:07
jsw_: wait.. yes lol.. fail test, I'll hack up a script to connect with UDP real quick
ksft 2017-03-03 17:29:35
When I run `optirun glxgears`, the window that appears is white with specks of cyan, magenta, and yellow
ksft 2017-03-03 17:30:07
this is on a laptop with a hybrid Nvidia/Intel graphics card thing
abishai 2017-03-03 17:30:54
jsw_: I setup a php script, sending a few bytes succeeds but when I try to receive anything, socket_recv() returns false with '[0] The operation completed successfully.'
ksft 2017-03-03 17:30:59
Debian 8.6, Bumblebee 3.2.1
abishai 2017-03-03 17:31:31
jsw_: note that the same happens to ANY UDP port, not just the ones nmap reported 'open/filtered'
abishai 2017-03-03 17:32:26
jsw_: so what can I say, probably some nmap cmdline weirdness
jsw_ 2017-03-03 17:32:36
abishai, I'm afraid I'm not familiar with php enough to offer advice on that. What about netcat?
abishai 2017-03-03 17:37:00
jsw_: nc -vnzu server.ip 1-65535
abishai 2017-03-03 17:37:40
jsw_: reports ALL udp ports as '(UNKNOWN) [x.x.x.x] 65518 (?) open'
abishai 2017-03-03 17:38:38
jsw_: I stopped scanning at port 64000 or so because it was getting ridiculous
abishai 2017-03-03 17:39:06
jsw_: can you try on your box
userro 2017-03-03 17:41:05
there are only 64000 ports you can't scan more
abishai 2017-03-03 17:42:02
nc started scanning from 65k downwards
userro 2017-03-03 17:42:17
kk
jsw_ 2017-03-03 17:42:55
tldr I'd chalk it up to a red herring
abishai 2017-03-03 17:43:12
?
jsw_ 2017-03-03 17:44:26
Unless both process bind to aport with the right flag IIUC the netcat test should have revealed any ports already in use. http://stackoverflow.com/questions/4364434/let-two-udp-servers-listen-on-the-same-port
