Leopard Holding TCP port 88/kerberos-sec open, why?

Similar Messages

• Unknown open TCP ports on router

  Anyone know how to close these open ports on my Cisco 7606 router?
  Anyone know what these TCP ports are used for?
  49   - Not sure what this one is other than what IANA reports about TCP port 49
  4510
  4509
  2222
  I'm sure I could add an ACL to block communications to my router based on this ports but would rather figure out how to close 'em so this already overloaded router doesn't have additional processing.
  Cisco-7606# sh tcp br all
  TCB       Local Address           Foreign Address           (state)
  12EFC1C0  172.16.8.3.14401        10.8.2.14.49              TIMEWAIT
  1CC4F57C  172.16.8.3.26963        10.8.2.14.49              TIMEWAIT
  1A419F90  0.0.0.0.4510            *.*                       LISTEN
  1C581740  0.0.0.0.4509            *.*                       LISTEN
  1A417BBC  0.0.0.0.2222            *.*                       LISTEN
  12FB03A8  10.8.10.2.2222          10.8.1.42.4690            CLOSEWAIT
  12FB099C  10.8.10.2.2222          10.8.1.42.2233            CLOSEWAIT
  12FA7DF0  10.10.0.3.2222          10.8.1.15.4878            CLOSEWAIT
  1CD47780  10.10.0.3.2222          10.8.1.15.3917            CLOSEWAIT
  1CDDBCE0  10.8.10.2.2222          10.8.1.42.3964            CLOSEWAIT
  Cisco-7606# sh ver | i image
  System image file is "disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRD3.bin"
  Tks
  Frank

  Frank
  I can offer some suggestion about one of your port numbers. TCP port 49 is used for TACACS. If you are using TACACS for authentication, or authorization, or accounting then we know why port 49 is open and blocking TCP49 will prevent TACACS from working with your router.
  I have no insights or suggestions about the other port numbers that you mention.
  HTH
  Rick

• Listing and closing open TCP ports

  Hi,
  For security reasons I would like to have as few open TCP ports as possible on my iMac, leaving open only those that I feel are worthwhile having enabled. How can I go about to
  a) identify which TCP ports are currently open on the system
  b) identify the processes that have opened the ports and understand the origin and purpose of those process
  c) disable the processes that have ports open, if I feel that there is no good reason for having them open
  I'm running OS X 10.9.4.
  Thanks!
  Fredrik

  You can run "netstat" in the Terminal or maybe Network Utility to see open ports. However, all you should really do is make sure you don't have any sharing services enabled. Otherwise that is all you can do. Macs are not meant to be used as servers or in secure environments. They are strictly consumer machines. Apple has engineered them to be highly secure, but not configurable by the user. It is highly unlikely that any modifications that an end-user can make would do anything other than reduce security.

• How do i find out what tcp ports are open? and where do i look it up?

  how do i find out what tcp ports are open? and where would i go to see them? i have a program that is asking for it and i am unable to find where those are listed.

  If you are not too tech savvy, try using the Network Utility found in the Utilities folder. Just have the Mac scan itself.
  If tech savvy, there's always Fyodor's classic NMap, found at www.insecure.org.

• Selector.open() uses two TCP ports on Windows

  As part of a security review, we are monitoring the ports opened by our application (which uses NIO) using TCPView on Windows Vista Business with sp1.
  I ran the NIO test below.
  public class NioSelectorMain {
  public static void main(String[] args) throws Exception {
  Selector selector = Selector.open();
  System.out.println(selector);
  Thread.sleep(Integer.MAX_VALUE);
  Example output is:
  sun.nio.ch.WindowsSelectorImpl@b1c5fa
  TCPView showed the following two ports opened - the numbers change each time obviously, but there are always two ports.
  javaw.exe:8224     TCP     aled-PC:50741     localhost:50742     ESTABLISHED     
  javaw.exe:8224     TCP     aled-PC:50742     localhost:50741     ESTABLISHED     
  I've tried this with sun jdk1.6.0_05 and jdk1.5.0_14. When running the same test on Linux, no ports are opened.
  Why are these ports used, and is there any way to either prevent them from being opened or to specify which ports should be used?
  Thanks in advance, Aled

  Thanks for the very prompt reply!
  or to specify which ports should be used?Why would you want to do that?Our enterprise customers would like to know which ports will be used so that they can lock down the machine as much as possible, and can better detect malicious programs/usage.
  I presume by "why would you want to do that" that it's not possible?

• TCP Port 62078 on my iPad is open

  TCP Port 62078 on my iPad is open with tcpwrappers - also UDP Port 5353 is open/filtered - is this normal? How can I close these ports? On my Macbook Pro they are closed. I do not like having open ports on my network.
  Thank You
  Bob

  I maintain a firewall for our corporate network and management asked for a mDNS proxy so that their iPhones on our Wi-Fi network could see our Airprint printers on the Ethernet LAN.  I regularly see firewall log entries for traffic from desktops on the LAN to iPhones on the Wi-Fi network.  At first it seemed random, but then I realised that the desktops and the iPhones were assigned to the same user in each case. The iPhones have presumably been paired with the desktop (iTunes) in the past and the iPhones are using mDNS / Bonjour to look for desktops that they have been previously paired with.  The desktops are communicating from ports in the range of 60289 to 62089 and always direct to port 62078 on the iPhone.  We don't have iPads on our network (as far as I know!), but from the Original Poster, it appears that this may also be the case with iPads.
  A little bit of digging found an article about Juice Jacking : http://www.zdziarski.com/blog/?p=2345
  So this port is used for iPhone or iPad Wi-Fi synching, as mentioned by rjw1678.  Once a pairing has been established with a computer, then your iPhone or iPad will always try to pair with this device until such time as you perform a factory restore on the iPhone / iPad.

• Open TCP Ports on 9216i

  We are auditing open TCP ports on our network equipment and discovered a number of open TCP ports on our 9216i. Is there any way to tell what the open ports are used for and shut them down if unnecessary? The show tcp command is not available. show tech did not reveal anything.

  There is the standard set of ports that are open for mgmt by ssh, telnet, and SNMP v2 or v3. Additionally, there is port 80 open so you can point web browser to it and get the FM code. The list is as follows.
  Common to all applications
  * SSH 22 (TCP)
  * TELNET 23 (TCP)
  * HTTP 80 (TCP)
  * SYSLOG 514 (UDP)
  Fabric Manager Server and Performance Manager
  * SNMP_TRAP 2162 (UDP)
  * SNMP picks a random free local port (UDP) - (can be changed in server.properties)
  * Java RMI 9099, 9199 to 9299 (TCP)
  Fabric Manager Client
  * Java RMI 9099, 9199 to 9299 (TCP)
  * SNMP picks a random free local port. (UDP) or 9189 (TCP) if SNMP proxy is enabled (can be changed in server.properties)
  Device Manager
  * SNMP_TRAP 1163 to 1170 (UDP) (picks one available in this range)
  * SNMP picks a random free local port (UDP) or 9189 (TCP) if SNMP Proxy is enabled (can be changed in server.properties)
  You can shut off telnet in lieu of ssh in the configuration. Also, it is possible to use access-lists on the mgmt ports to limit IP addresses/ports/etc. Also, don't forget that the IPS ports will be listening for FCIP and ISCSI if enabled.

• BEFW11S4 UDP AND TCP PORT opening

  How do i open UDP AND TCP ports specifically TCP ports: 80, 6667, 28910, 29900, 29920
  UDP ports: 4321, 27900 Its for a networkable game i need to open these ports to play it.

  Ok But when i try disabling the numbers in the forwarding field i run out of spaces in the field to be able to disable them Is there an advanced firewall settings that i dont know about? I put in all of the range forwarding and put the range forwarding start for example 80 originally (TCP ports: 80, 6667, 28910, 29900, 29920
  UDP ports: 4321, 27900) The ones i try to disable i run out of fields to disable them in the forwarding for example there are 10 slots for disabling and Im trying to disable them on two numbers 192.168.1.101. and 192.168.1.100 So i need to disable them for both ip numbers I got 10 fields to enter it into them and 10 x 2 is more than the numbers..... You get me?? and on top of that i dont know if what i did was enough Linksys doesnt want to help me without paying 30 dollars so im just thinking i should buy a new router....... i mean they charge 39 dollars for a new router and they want me to pay 39 dollars for tech support it just doesnt make any sense........

• What TCP/UDP ports need to be open for VPN Client version 4.8?

  What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
  Thanks,

  Normally, you need the following ports and protocol :
  UDP 500
  UDP 4500
  ESP
  In case, you are using IPSec over TCP you have to open, TCP port 10000 or any other port you want to use for IPSec connections (Its configurable).
  -Kanishka

• Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer?

  Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplaer to operate properly? This would include updating, linking, and any subset of features.

  The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
  AdobeARM.exe - automatic updates - port 443
  AcroRd32.exe - brand messages - port 443
  AcroRd32.exe - links in documents - anything specified in the URL
  Acrobat.exe - brand messages - port 443
  Acrobat.exe - links in documents - anything specified in the URL
  AdobeCollabSync.exe - Tracker review data - port 443
  The same ports are used by the  program components on OS X.
  There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software.

• What Ports need to be opened during Exchange migration?

  Hi Team,
  I am working on a Migration project (Ex2007 to Ex2013). Same forest same domain but are in different sites.
  Please find the below details
  AD Site1 - Ex2007 Servers
  2 Mailbox Servers (CCR)
  2 (HUB+CAS) in NLB
  2 Domain Controllers 
  AD Site2 - Ex2013 Servers
  2 Multi Role Servers (MB+CAS) with DAG
  2 Domain Controllers
  We have firewall in between data centers, could some one help me out what ports are need to opened on firewalls.
  Thanks,
  Balgates
  Regards, Balgates

  808 (TCP)
  Mailbox Replication Service uses to communicate
  53 (TCP)
  DNS
  135 (TCP)
  RPC End Point
  389 (TCP)
  LDAP
  3268
  LDAP
  1024 > (TCP)
  if mailbox store is not statically configured then 1024 higher ports need to be open
  88 (TCP)
  Kerberos
  445 (TCP)
  Microsoft-DS Service
  443 (TCP)
  Mailbox Replication Proxy service uses port 443 to communicate with other Exchange 2010 client access server via HTTPS.

• Port Forwarding for Minecraft - Port not recognized as open

  I am trying to set up Port Forwarding to host a Minecraft server on a local machine. I am able to connect to Minecraft from within the network, but when I try to use my external IP, it fails. I have port forwarding (supposedly) set up on my Airport Extreme base station, for TCP/UDP port 25565. When I check on canyouseeme.com , it says that the port is not open. Do I have some configuration wrong in Airport Utility? I'm pretty sure it's not something wrong with my Ubuntu box (the one hosting the server) because I am able to connect to it without any problem using it's Internal IP.
  Any help is greatly appreciated.

  I am having this same problem.  My AirPort Utility is v6.2.  I have followed a tutorial labeled for v6.  I cannot open my ports.
  I have a static IP address with the following:
  Router Mode: DHCP and NAT
  I increased the DHCP Range so it would include the static IP address I selected.
  DHCP Reservations
  Description: Minecraft
  Reserve Address By: MAC Address and entered my MAC address
  IPv4 Address: the static IP address that I created in System Preferences- Network
  Port Settings
  Description: Minecraft
  Public UDP Ports: 25565
  Public TCP Ports: 25565
  Private IP Address: same as above which is the same as the statis IP address
  Private UDP Ports: 25565
  Private TCP Ports: 25565
  I also checked with Comcast, my internet provider, to make sure they were not blocking port 25565.  The person on the chat said that that port was open.
  I have been using yougetsignal.com to check if my ports are open and so far nothing.
  Does anyone have any suggestions?

• What ports need to be open on Fw for Waas Communication--Urgent

                     Hi All,
  This product is new to need your help in configuring this. I am explaining the architecture below:-
  We have a requirement to use WAVE-594-K9 Software Release 5.3.1 and in our Manila location and it will not talk to Waas central Manager in our client location instead client has installed one same model Wave-594 in PHX.
  So now client has said it will only be used for caching contents and not for optimizing, they have some video training on web which will be passed through this wave and for making them highly/fastly available to agents they want to use this.
  We have installed one Wave in Manila in application-accelerator mode and using PBR to redirect the desired traffic via Wave. As per our client Manila Wave will talk to PHX wave and PHX wave will get registered to Waas Manager in client network.
  We have firewall between PHX wave & Manila wave, please let me know do we need to opened tcp/udp ports on FW for opening the communication between these two waves?
  and what else i need to configure on Manila wave?
  This is very urgent quick reply will be highly appreciated!!
  Thanks!!
  Bhisham

  Thanks for the quick reply Kanwal!!
  I checked with my team in PHX and we have Juniper FW in between these two Wave's, so what i understand from the links which you have shared.
  In Manila Wave i need to configure that in Directed Mode and udp port 4050 needs to be opened bi-directionally on Juniper FW between IPs configured on wave devices.
  In Manila we have 10.111.x.189 (Virtual-Blade IP) & 10.111.x.190 IPs & in PHX we 63.149.23.x & 63.149.23.x (VB) so from both IPs we required to open udp 4050 bi-directionally? Want to be sure before raising any request :-)
  In PHX wave i am not sure whether we can configure that in directed mode and if it’s not then also it will work by opening port 4050 on FW Right?
  In last our client was saying that Manila Wave will only be used as cache engine (VB is configured as content-engine) and it will download contents from PHX Wave (which is registered to CM at client side), what does it mean and do i need to do any special config on wave to achieve this?
  I am very new to this device and lot of research on net confused me a lot, please don’t mind!!
  Will wait for your reply then only i will raise request with FWteam.
  Thanks,
  Bhisham

• Bypassing TCP port 25 restriction (i.e. worst ISP EVER; Mail is not allowed

  Hi
  The private company that runs my DOES NOT ALLOW Smtp connections on its "hi speed internet connection".
  Meaning that Mail cannot function and I have to check via webmail.
  I'm serious.
  Their FAQ states:
  Can I use email clients such as Microsoft Outlook or Outlook Express to send and receive emails?
  No, you will only be able to use web browser based email such as Hotmail or Gmail; this is due to limitations (on TCP port 25) which have been implemented to protect you against other computer users sending unsolicited bulk emails (SPAM) via your computer.
  Does anyone know a way to get around this as I NEED the functionality of Mail.....
  Also,
  Are all British ISPs this ridiculous?
  Dieing to find a solution to this....... Many Many Many Many Thanks
  PS. I already paid extra ($250USD) to enable 'super' internet which doesnt throttle VOIP, STREAMING, gaming, P2P etc.
  Luke

  Beginning January 1, 2006 Port 587 has been standardized as the port to use for authenticated SMTP servers although most will still work with Port 25 as well. More and more ISPs are blocking port 25 as various jurisdictions are holding them responsible for spam and/or viruses originating on their network. With unauthenticated SMTP anyone can send using that server whether they have an account or not. So the ISPs block that port with the sole exception of their own SMTP server so they can scan the messages for spam and viruses. With an authenticated SMTP server where a valid account id and password are required to send messages the provider of the server assumes the responsibility for scanning all traffic through their server thus relieving the ISP of the liability.
  Whether you think this is a big brother step or not, with estimates that spam on the internet is running as high as 70% of all email traffic, if it weren't for restrictions like this email would rapidly become an unusable tool. The only annoying thing I have found about this is how few ISP Tech Support people know about this. To often their solution is "you can only use another email provider through their webmail interface."

• LMS 4.2 Why is TCP port 514 used and how to close it?

  An internal security scan showed that TCP port 514 is open on the Cisco Prime LMS 4.2.4 server.  The security team is concerned that this port is commonly used for rsh, which is not encrypted and may use plain text logins or poorly authenticated logins.  The port being open is documented in the "Installing and Migrating ..." manual for LMS 4.2 where it says that this TCP port 514 is used for Remote Copy Protocol in the direction from the server to device.  The well-known port associated with a service is usually on the target host, not on the host that initiates the connection, so this is a little confusing.  I see that there is no rsh service in /etc/inetd.conf, but there is an rsh service in /etc/xinetd.conf.  This LMS is not configured to use RCP for anything, as far as I can tell.
  Can I close TCP port 514 on this server without disasterous results, and how do I do that?
  Or, how do I satisfy the security team that having this port open is not a security concern?
  Thanks for any help.
  Dave

  I have a love/hate relationship with security audits like that. Happy to know the profile of a server but then hating to have to justify everything their "report" "concludes" (95% of which is usually just dressed up too output from Nessus or whatever).
  Problem is with appliance servers running a packaged application like LMS, mucking with the OS settings (rc files etc.) can break things in unexpected ways. I'm more in favor of putting it on a segmented network and applying access-control lists or firewall rules inbound vs. trying to take apart the system and put it back together using only the parts you think are necessary (a bit of hyperbole there but it's to make a point).
  Call it defense in depth and declare victory and then move on with using the tool to actually manage the network instead of defending its configuration to the Stasi.