HPE Community
Operating System - HP-UX
1832525 Members
8038 Online
110043 Solutions
New Discussion

Port number 513

 
SOLVED
Go to solution
ramesh_6
Frequent Advisor

‎09-09-2003 11:02 AM

‎09-09-2003 11:02 AM

Port number 513

Hi,

I tried using netstat to find what are ports/protocols my server is listening to and found one abnormal thing. I used the command netstat -an

udp 513 *.*

This line is without any keyword like listening or established so that i can assume some activityis going on there. I commented the 513 line in /etc/services and sent a HUP signal to inetd to reread the configuration file so that 513 will be taken out of legal ports. But still i am able to see the UDP 513 line in my netstat output and also when our security team run nmap port scanner it is showing as port 513 still open. Can anyone pls suggestwhy it is behaving this way and also to shutdown the port without rebooting the server. I appreciate your help.
0 Kudos
Reply
8 REPLIES 8
Steven E. Protter
Exalted Contributor

‎09-09-2003 11:10 AM

‎09-09-2003 11:10 AM

Re: Port number 513

Port 513 is reserved for remote login. This is for the Berkely protocols.

who -u

Kill the remote login sessions and the netstat output should change.

Eventually to be sure, you'll want to reboot the server.

If you are disabling remote logins, modify /etc/inet.conf

comment out the Berkely protocols, the rlogin etc.

save the file

inetd -c

Its shut down.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-09-2003 11:14 AM

‎09-09-2003 11:14 AM

Re: Port number 513

Hi Ramesh,

513/tcp is used for rlogin

513/udp is used for remote who (rwho) & remote uptime (ruptime)

If these are active, someone/something - somewhere is querying your system remotely.

To disable rwho: edit /etc/rc.config.d/netdaemons to RWHOD=0

To disable rusers:
edit /etc/inetd.conf & insure the rpc.rstatd AND rpc.rusersd are commented out & run inetd -c

To disable rlogin:
edit /etc/inetd.conf & insure the
login stream tcp nowait root /usr/lbin/rlogind rlogind
line is commented out & run inetd -c

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
ramesh_6
Frequent Advisor

‎09-09-2003 11:18 AM

‎09-09-2003 11:18 AM

Re: Port number 513

Hey i am seeing this in the output of netstat -an

UDP 0 0 *.513 *.*

There is no TCP Status line like listening or ESTABLISHED OR CLOSE_WAIT etc...

What the netstat output means? The port is listening or etc..

I appreciate your time
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-09-2003 11:34 AM

‎09-09-2003 11:34 AM

Re: Port number 513

Since it's a UDP protocol - not TCP - it won't have the same TCP states. UDP is essentially stateless.
The fact that it shows up however, does indicate that the system will respond to 513/udp connections.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
ramesh_6
Frequent Advisor

‎09-09-2003 11:43 AM

‎09-09-2003 11:43 AM

Re: Port number 513

Hi Jeff,

I am seeing "rpc.rstatd" without a comment in inetd.conf. If i comment it and gave a HUP signal to inetd it should not show in the netstat command. Am i right with the above statement?

Okay i am coming to my next question. Even though i have'nt listed the port 513 in my /etc/services how to make sure its not gonna start again if i reboot my server.

thanks for your earlier answers. I appreciate it.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-09-2003 12:03 PM

‎09-09-2003 12:03 PM

Solution

Re: Port number 513

Yes, to disable rpc.statd comment out it's line in /etc/inetd.conf - BUT then just run
inetd -c
That will HUP inetd & cause a re-read on the conf file.

To disable the 513/udp you *must* edit the /etc/rc.config.d/netdaemons file - set
RWHOD=0
Then run
/sbin/init.d/net stop
/sbin/init.d/net start
NOTE: This won't drop any existing connections, but WILL prevent new ones between the stop & start.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
ramesh_6
Frequent Advisor

‎09-09-2003 12:30 PM

‎09-09-2003 12:30 PM

Re: Port number 513

hey,

I have a problem here as i am running NFS services in the same server. Won't that will be affected if i stop rpcr.rstatd in the box?

Anyhelp appreciated
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-09-2003 12:59 PM

‎09-09-2003 12:59 PM

Re: Port number 513

Nope - rstatd only gives performance stats from the kernel to remote queries. NFS will be unaffected.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.