922 TCP ports closed!

Hi All,
Nmap gave me some disturbing news last night; I have 922 TCP ports closed on my computer, including stuff like Trinoo, Elite and some other trojans that I would think are Windows threats only. Even though the ports are closed (I've got firewall enabled), I have no idea how and why they appeared on my computer. I have a wireless router, but don't know if that matters. Thanks 4 your help.

Hi,
as you said, the ports are closed, this does mean that they are inaccessible so you don't have to worry. Additionally, when you're sitting behind a wireless router, it's own firewall should protect you from outside access. Anyway, it would be helpful if you could provide the whole output of nmap and tell us if you've scanned the IP which belongs to your local network or the IP which was assigned to your wireless router by your ISP.
Cheers,
ulrik

Similar Messages

  • Listing and closing open TCP ports

    Hi,
    For security reasons I would like to have as few open TCP ports as possible on my iMac, leaving open only those that I feel are worthwhile having enabled. How can I go about to
    a) identify which TCP ports are currently open on the system
    b) identify the processes that have opened the ports and understand the origin and purpose of those process
    c) disable the processes that have ports open, if I feel that there is no good reason for having them open
    I'm running OS X 10.9.4.
    Thanks!
    Fredrik

    You can run "netstat" in the Terminal or maybe Network Utility to see open ports. However, all you should really do is make sure you don't have any sharing services enabled. Otherwise that is all you can do. Macs are not meant to be used as servers or in secure environments. They are strictly consumer machines. Apple has engineered them to be highly secure, but not configurable by the user. It is highly unlikely that any modifications that an end-user can make would do anything other than reduce security.

  • Tomcat Servlet - TCP Port Already in Use?

    My problem is that tomcat/servlet is not releasing its TCP port after my servlet closes the port. Next time a servlet tries to use the port it gets an error "Port already in use". Using netstat I can see the port is still in use. If I stop tomcat and restart it, the port is released. I have not had this sort of problem writing C programs that use sockets.
    My setup is Fedora Core 6 with JDK1.5_14 and Tomcat 5.5.26. I know it's not the latest, but sockets and streams have been around for a long time.
    Actual implementation uses a trivial javaserver page to instantiate a class to create/accept connection from a client (JApplet). After connection, it starts a thread to receive data. I am using ServerSocket(), InputStreamReader(), and OutputStreamWriter(). On ServerSocket I set ReuseAddress to true.
    I have try/catch on all my I/O and use tomcat context log for error and OK messages. Data transfer is perfect. Detect close by client works. In the context log I see close of streams and ServerSocket occur with no exceptions. Then, I manually close the jsp window. No indication of any problems. If I use different port 2nd time (e.g. 50001) it all works perfect. If I use my default (50000) again, servlet gets an error during bind, "Port already in use".
    2.5 years with Java. 5 years with Linux and C.
    Please advise or refer

    rwengr wrote:
    My problem is that tomcat/servlet is not releasing its TCP port after my servlet closes the port. Next time a servlet tries to use the port it gets an error "Port already in use". Using netstat I can see the port is still in use. If I stop tomcat and restart it, the port is released. I have not had this sort of problem writing C programs that use sockets.Nice.... Not sure that matters though.
    >
    My setup is Fedora Core 6 with JDK1.5_14 and Tomcat 5.5.26. I know it's not the latest, but sockets and streams have been around for a long time.
    Actual implementation uses a trivial javaserver page to instantiate a class to create/accept connection from a client (JApplet). Bleah! Don't use a JSP for that. Use a servlet at worst. At best use a Servlet to start some other socket manager class which you can/have tested outside the Servlet Container environment.
    After connection, it starts a thread to receive data. I am using ServerSocket(), InputStreamReader(), and OutputStreamWriter(). On ServerSocket I set ReuseAddress to true.
    I have try/catch on all my I/O and use tomcat context log for error and OK messages. Data transfer is perfect. Detect close by client works. In the context log I see close of streams and ServerSocket occur with no exceptions. Then, I manually close the jsp window. Closing the browser window has no affect on the server.
    No indication of any problems. If I use different port 2nd time (e.g. 50001) it all works perfect. If I use my default (50000) again, servlet gets an error during bind, "Port already in use".
    2.5 years with Java. 5 years with Linux and C.
    Please advise or referShow some code. If you just want some generic advice it would be to close the port, as soon as you don't need it anymore. But you know that. Without any further code I think that is about all that can be said.
    P.S. Make the code as small as possible, compilable, but still demonstrating the problem. Also see: [this tutorial as an example...|http://www.javaworld.com/javaworld/jw-12-1996/jw-12-sockets.html?page=1]

  • TCP Port 62078 on my iPad is open

    TCP Port 62078 on my iPad is open with tcpwrappers - also UDP Port 5353 is open/filtered - is this normal? How can I close these ports? On my Macbook Pro they are closed. I do not like having open ports on my network.
    Thank You
    Bob

    I maintain a firewall for our corporate network and management asked for a mDNS proxy so that their iPhones on our Wi-Fi network could see our Airprint printers on the Ethernet LAN.  I regularly see firewall log entries for traffic from desktops on the LAN to iPhones on the Wi-Fi network.  At first it seemed random, but then I realised that the desktops and the iPhones were assigned to the same user in each case. The iPhones have presumably been paired with the desktop (iTunes) in the past and the iPhones are using mDNS / Bonjour to look for desktops that they have been previously paired with.  The desktops are communicating from ports in the range of 60289 to 62089 and always direct to port 62078 on the iPhone.  We don't have iPads on our network (as far as I know!), but from the Original Poster, it appears that this may also be the case with iPads.
    A little bit of digging found an article about Juice Jacking : http://www.zdziarski.com/blog/?p=2345
    So this port is used for iPhone or iPad Wi-Fi synching, as mentioned by rjw1678.  Once a pairing has been established with a computer, then your iPhone or iPad will always try to pair with this device until such time as you perform a factory restore on the iPhone / iPad.

  • MAC Floods ISP with TCP ports and is shutdown when count reaches 200

    I was told by ISP provider that my MAC floods them with massive amount of TCP ports when I open a single Safari or FireFox web page. When I am NOT connected, the TCP port count is ABOUT 3 with a Windows XP using a IE connection to APPLE.com PLUS AN SSL CONNECTION. When I open the same web page ON MY MAC, the count INSTANTLY jumps to 70+ and if I connect to another page it jumps to well over 100. If I leave pages open and jump to several different sites, I soon exceed the MAX TCP port limit of 200 and everyone on our home network is pretty much shutdown. Since it is a wireless connection to the ISP, the have to limit TCP ports to 200 per antenna connection. WHY DOES MY MAC USE SO MANY TCP PORTS FOR A SINGLE BROWSER CONNECTION?
    The home network uses LinkSys WRT54G router and WAP54G configured as Wireless Repeater. Windows does not have this problem. I do not have this problem anywhere else but on this wireless ISP connection. How do I remedy this problem?

    Here is a trap of opening a browser page:
    1. sudo tcpdump –pv tcp
    clayton-arndts-computer-2:~ claytonarndt$ sudo tcpdump –pv tcp
    tcpdump: WARNING: en0: no IPv4 address assigned
    tcpdump: illegal token: –
    clayton-arndts-computer-2:~ claytonarndt$
    2.
    lsof -i
    clayton-arndts-computer-2:~ claytonarndt$ lsof -i
    COMMAND&nbs p; PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    ARDAgent 2395 claytonarndt 17u IPv4 0x29bc0f0 0t0 UDP *:net-assistant
    AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
    SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
    firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt&nbs p; 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 39u IPv4 0x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->a204-245-162-26.deploy.akamaitechnologies.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:5 4188->a204-245-162-25.deploy.akamaitechnologies.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->a204-245-162-33.deploy.akamaitechnologies.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 5 5u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->a204-245-162-19.deploy.akamaitechnologies.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISH ED)
    firefox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 76u IPv4 0x4aa0a68 0t0 TCP 192.168.1.113:54215->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->a204-245-162-17.deploy.akamaitechnologies.com:http (ESTABLISHED)
    SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
    SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t 0 TCP 192.168.1.113:53904->spas.slingmedia.com:http (CLOSED)
    SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
    clayton-arndts-computer-2:~ claytonarndt$
    3.
    lsof -i -n
    clayton-arndts-computer-2:~ claytonarndt$ lsof -i -n
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    ARDAgent 2395 claytonarndt 17u IPv4 0x29bc
    0f0 0t0 UDP *:net-assistant
    AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
    SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
    firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->204.245.162.11:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->204.245.162.11:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->64.12.230.1:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 39u IPv4 0
    x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->204.245.162.26:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:54188->204.245.162.25:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
    firefox-b 3645 claytonarndt
    51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->204.245.162.33:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 55u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->204.245.162.19:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISHED)
    fir
    efox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
    firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->204.245.162.17:http (ESTABLISHED)
    SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
    SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t0 TCP 192.168.1.113:53904->157.22.2.7:http (CLOSED)
    SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
    clayton-arndts-computer-2:~=2
    0claytonarndt$
    The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now!
    The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now!

  • UDP and TCP ports

    Hi:
    I have a question. As we know, scanning TCP ports is a lot eaiser than UDP ports because active UDP ports don't respond and there are other reasons as well.
    try{
    Socket soc= new Scoket(address, portnumber);
    catch(Throwable e){ System.out.println(e)}
    look at the code above, it can only tell you active TCP ports for the Throwable e tells you nothing about UDP ports. An active UDP port doesn' respond to the connection call "soc". Therefore it will throw an exception(connection refused) after trying to connect an active UDP port. This exception is just like those of closed TCP ports.
    What i am saying is that active UDP ports will be treated the same as closed TCP ports. They are hidden in closed TCP ports. How do i sift them out? Any solutions?

    I am basically trying to determine how many UDP and TCP ports on a machine are open. Open TCP ports are easy to see. But UDP ports are tricky. Can you please tell me more in detail using a datagram socket?

  • WCF NetTcpBinding, remote client Established TCP Ports do not recycle

    In our application we have bunch of WCF services(NetTcpBinding) hosted under Windows Service, we have a remote client/clients which is connecting to this wcf service.
    When Network connection drop between client and Server, I am seeing that Established TCP Ports does NOT get recycled, When we get Network connectivity back and remote client app try to connect to the service again, we see new TCP Ports getting created again,
    but old TCP Ports still remain open, we have set ReliableSession to true and ReceiveTimeOut to 10 min on our WCF Service.
    Could anyone know here why this connection never gets recycled, what we have to do specific to have them cleanedup if remote client either crashes or network connection drops.

    You are probably closing the TCP connection simultaneously from both the client and server.  There is a design issue with TCP going back to the 1970's that has never been fixed.  When connections are closed from both ends at the same time sometimes
    ports are left open in a half open / half close state.  The correct method for closing TCP is as follows
    1)  From application level client send command to stop server
    2) Client closes connection
    3) Server uses the on closed event to dispose server objects so no memory leak occurs.
    jdweng

  • How to get the number of bytes at TCP port

    Hi all,
    How to get the number of bytes to read at the TCp port...as someone had suggested in some forum we do read the number of bytes first and then pass this...
    but we get a problem when we have FF data in this...because then it sends 2 FF data...and cause of this we skip the last data...is there any solution for the same?

    Hi
    In LabVIEW you don't have the same property as in serail port.
    You havn't "Byte at TCPIP port".
    if you developp a protocol, one soltion, is to send the size to read.
    Ingénieur d'Application / Développeur LabVIEW Certifié (CLD)
    Application Engineer / LabVIEW Certified Developer (CLD)

  • Bypassing TCP port 25 restriction (i.e. worst ISP EVER; Mail is not allowed

    Hi
    The private company that runs my DOES NOT ALLOW Smtp connections on its "hi speed internet connection".
    Meaning that Mail cannot function and I have to check via webmail.
    I'm serious.
    Their FAQ states:
    Can I use email clients such as Microsoft Outlook or Outlook Express to send and receive emails?
    No, you will only be able to use web browser based email such as Hotmail or Gmail; this is due to limitations (on TCP port 25) which have been implemented to protect you against other computer users sending unsolicited bulk emails (SPAM) via your computer.
    Does anyone know a way to get around this as I NEED the functionality of Mail.....
    Also,
    Are all British ISPs this ridiculous?
    Dieing to find a solution to this....... Many Many Many Many Thanks
    PS. I already paid extra ($250USD) to enable 'super' internet which doesnt throttle VOIP, STREAMING, gaming, P2P etc.
    Luke

    Beginning January 1, 2006 Port 587 has been standardized as the port to use for authenticated SMTP servers although most will still work with Port 25 as well. More and more ISPs are blocking port 25 as various jurisdictions are holding them responsible for spam and/or viruses originating on their network. With unauthenticated SMTP anyone can send using that server whether they have an account or not. So the ISPs block that port with the sole exception of their own SMTP server so they can scan the messages for spam and viruses. With an authenticated SMTP server where a valid account id and password are required to send messages the provider of the server assumes the responsibility for scanning all traffic through their server thus relieving the ISP of the liability.
    Whether you think this is a big brother step or not, with estimates that spam on the internet is running as high as 70% of all email traffic, if it weren't for restrictions like this email would rapidly become an unusable tool. The only annoying thing I have found about this is how few ISP Tech Support people know about this. To often their solution is "you can only use another email provider through their webmail interface."

  • ACS 5.5 SFTP repository non-standard TCP port

    is it possible to change the TCP port in a SFTP repository from 22 to something different  ?
    like this is not working
    repository sftp1
      url sftp://10.10.0.8:22222/user1
      user user1 password hash bc14bc179d2708cc31cbc22ee6a679cd22c095a1

    There is not much information inside the defect. We've been seeing different customer's experiencing this issue. 
    <B>Symptom:</B>
    SFTP stops working after upgrading to  ACS 5.5
    <B>Conditions:</B>
    once we upgrade to ACS 5.5
    <B>Workaround:</B>
    NA
    Try this one, this should work
    https://tools.cisco.com/bugsearch/bug/CSCum93359/?reffering_site=dumpcr
    Regards,
    Jatin
    **Do rate helpful posts**

  • Http probe on non-standard tcp port 8021

    I've configured http probe on standard port 80 with no issue. I'm now trying http probe on non-standard tcp port 8021, confirmed with packet capture to confirm that the CSM is indeed probing, status code 403 is returned but the reals are showing "probe failed". Am I missing something? Thank you in advance.
    CSM v2.3(3)2
    probe 8021 http
    request method head
    interval 2
    retries 2
    failed 4
    port 8021
    serverfarm TEST
    nat server
    no nat client
    real 10.1.2.101
    inservice
    real 10.1.2.102
    inservice
    probe 8021
    vserver TEST
    virtual 10.1.2.100 tcp 8021
    serverfarm TEST
    replicate csrp connection
    persistent rebalance
    inservice
    VIP and real status:
    vserver type prot virtual vlan state conns
    Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
    real server farm weight state conns/hits
    10.1.2.101 TEST 8 PROBE_FAILED 0
    10.1.2.102 TEST 8 PROBE_FAILED 0

    you need to specify what HTTP response code you expect.
    The command is :
    gdufour-cat6k-2(config-slb-probe-http)#expect status ?
    <0-999> expected status - minimum value in a range
    The default is to expect only 200.
    This is why your 403 is not accepted.
    Gilles.

  • Unknown open TCP ports on router

    Anyone know how to close these open ports on my Cisco 7606 router?
    Anyone know what these TCP ports are used for?
    49   - Not sure what this one is other than what IANA reports about TCP port 49
    4510
    4509
    2222
    I'm sure I could add an ACL to block communications to my router based on this ports but would rather figure out how to close 'em so this already overloaded router doesn't have additional processing.
    Cisco-7606# sh tcp br all
    TCB       Local Address           Foreign Address           (state)
    12EFC1C0  172.16.8.3.14401        10.8.2.14.49              TIMEWAIT
    1CC4F57C  172.16.8.3.26963        10.8.2.14.49              TIMEWAIT
    1A419F90  0.0.0.0.4510            *.*                       LISTEN
    1C581740  0.0.0.0.4509            *.*                       LISTEN
    1A417BBC  0.0.0.0.2222            *.*                       LISTEN
    12FB03A8  10.8.10.2.2222          10.8.1.42.4690            CLOSEWAIT
    12FB099C  10.8.10.2.2222          10.8.1.42.2233            CLOSEWAIT
    12FA7DF0  10.10.0.3.2222          10.8.1.15.4878            CLOSEWAIT
    1CD47780  10.10.0.3.2222          10.8.1.15.3917            CLOSEWAIT
    1CDDBCE0  10.8.10.2.2222          10.8.1.42.3964            CLOSEWAIT
    Cisco-7606# sh ver | i image
    System image file is "disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRD3.bin"
    Tks
    Frank

    Frank
    I can offer some suggestion about one of your port numbers. TCP port 49 is used for TACACS. If you are using TACACS for authentication, or authorization, or accounting then we know why port 49 is open and blocking TCP49 will prevent TACACS from working with your router.
    I have no insights or suggestions about the other port numbers that you mention.
    HTH
    Rick

  • Smbclient wants to connect to TCP port 139

    On my Powerbook, using Little Snitch under certain conditions (undetermined) I get the following message repeatedly, I am not connected to a network (except for Airport) or printer:
    The application "smbclient" wants to connect to 192.168.131.65 on TCP port 139 (netbios-ssn)
    What is this all about - thanks.
    PB G4 Al 17"    

    Airport is as much of a network as Ethernet is. Port 139 is the normal port for SMB connections. (At the terminal, try "grep 139 /etc/services".) What you want to do is figure out where your Powerbook was connecting to a Windows file or printer server on network 192.168.0.0 or 192.168.131.0. Are either of those the network address for your Airport network? You can see this in your Network settings.
    Login Items is the first place to look for an alias that might trigger an automated mount, but another application (other than the Finder) could be looking for a file server, too (as another posted mentioned). You could try to grep for "192.168.131.65" in all the files in your Preferences folder, except if you have 10.4 they might all be binary now and you'd have to convert them to xml text first, using plutil (again in Terminal).

  • LMS 4.2 Why is TCP port 514 used and how to close it?

    An internal security scan showed that TCP port 514 is open on the Cisco Prime LMS 4.2.4 server.  The security team is concerned that this port is commonly used for rsh, which is not encrypted and may use plain text logins or poorly authenticated logins.  The port being open is documented in the "Installing and Migrating ..." manual for LMS 4.2 where it says that this TCP port 514 is used for Remote Copy Protocol in the direction from the server to device.  The well-known port associated with a service is usually on the target host, not on the host that initiates the connection, so this is a little confusing.  I see that there is no rsh service in /etc/inetd.conf, but there is an rsh service in /etc/xinetd.conf.  This LMS is not configured to use RCP for anything, as far as I can tell.
    Can I close TCP port 514 on this server without disasterous results, and how do I do that?
    Or, how do I satisfy the security team that having this port open is not a security concern?
    Thanks for any help.
    Dave

    I have a love/hate relationship with security audits like that. Happy to know the profile of a server but then hating to have to justify everything their "report" "concludes" (95% of which is usually just dressed up too output from Nessus or whatever).
    Problem is with appliance servers running a packaged application like LMS, mucking with the OS settings (rc files etc.) can break things in unexpected ways. I'm more in favor of putting it on a segmented network and applying access-control lists or firewall rules inbound vs. trying to take apart the system and put it back together using only the parts you think are necessary (a bit of hyperbole there but it's to make a point).
    Call it defense in depth and declare victory and then move on with using the tool to actually manage the network instead of defending its configuration to the Stasi.

  • [SQL QUERY] Select TCP Port Monitors and their related Watcher Node

    Hi everybody,
    I'm working on a SSRS report and SQL Query, I have no problem to find all my TCP Port Monitor (SCOM 2012 R2) based on the DisplayName, but I can't figure out how to get their related watcher nodes (in my case only 1 computer is a watcher node).
    I can't find which table, which field, contains this information..?
    Here is the query i started to write (i select * since i still searching for the right column):
    SELECT
    FROM StateView s
    INNER JOIN BaseManagedEntity me on me.BaseManagedEntityId=s.BaseManagedEntityId
    INNER JOIN MonitorView mv on mv.Id=s.MonitorId
    INNER JOIN ManagedTypeView mtv on mtv.Id=s.TargetManagedEntityType
    --where mv.DisplayName like 'Ping Target Status Check%'
    AND me.IsDeleted = '0'
    where mv.DisplayName like '%tcpmon%'
    and mv.LanguageCode = 'ENU'
    --and s.HealthState in (@state)
    ORDER BY s.Lastmodified DESC
    It would be great if someone can help me !
    Thanks,
    Julien

    Hi,
    After creating a TCP port monitor, we can find a table for this monitor under operationsmanager database :
    SELECT *
    FROM [OperationsManager].[dbo].[MT_TCPPortCheck_******WatcherComputersGroup]
    You will find the warcher computer group.
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Maybe you are looking for

  • How to generate a SSL certificate for Adobe Connect?

    My organization uses adobe connect across the internet and we would like to enable SSL on the server. I have instructions for enabling SSL once a CSR is generated, but I do not know how to actually generate the CSR using Adobe Connect. Any info on ho

  • How to call my java program in vb?

    Hello , first of all i will tell my bussiness logic, i have designed a module in java for plotting a graph and the other module are written in vb so, i should call my module in vb,is the only method to do is calling my .bat file or is there any metho

  • Formating problems when printing from googlemail text program

    I often use the text program in my google mail account to write letters. However when I click on print preview the format is altered in an undesireable way. How can I avoid such unwanted format changes?

  • Preventing my 7 year old from seeing (on his Ipad) what I see on my Iphone

    So, I am surfing for Christmas gifts.... maybe some other adult type gifts. I signed my sons I pad up to my Itunes account. He is getting access to all my apps, Icloud whatever. How do I stop it? I have no problem creating his own apple ID and email

  • One computer that won't connect ipod classic

    I have ONE computer that won't connect itune and ipod class. It tells me that my ipod need recovery. ALL of the other three computers I use connect JUST FINE. What up?