HPE Community
Operating System - HP-UX
1825007 Members
2857 Online
109678 Solutions
New Discussion юеВ

What program is using port 111?

 
SOLVED
Go to solution
Mark Tunnell
Advisor

тАО07-18-2003 01:48 PM

тАО07-18-2003 01:48 PM

What program is using port 111?

Ethereal and Netstat show a listener on port 111. I know this is the portmap port and I'd hoped to use lsof to show which program was utilizing this but lsof -i shows nothing on port 111. I've also tried lsof -i +M but still nothing on 111.

What am I missing?

Mark
0 Kudos
Reply
7 REPLIES 7
Caesar_3
Esteemed Contributor

тАО07-18-2003 01:58 PM

тАО07-18-2003 01:58 PM

Re: What program is using port 111?

Hello!

Try to connect to that port and see if it will
let you know who is listening
telnet locahost 111

Caesar
0 Kudos
Reply
PIYUSH D. PATEL
Honored Contributor

тАО07-18-2003 01:58 PM

тАО07-18-2003 01:58 PM

Re: What program is using port 111?

Hi Mark,

Some info about Port 111. Hope this helps.

There are many know exploits against a large list of services that the portmapper provides access to. All RPC services register themselves at port 111 (the "portmapper" or rpcbind for the Solaris guys). The calling client will have to access port 111 to query and identify ports where the needed service is running and ultimately connect to the service. This can be done with both TCP and UDP.

So the point is that port 111 is a place to find out where services are running. Many vulnerabilities exist with this port. For example, NFS has a known rpc-update exploit. Also, the NIS update daemon, rpc.ypupdated, contains vulnerabilities in how it passes commands to certain function calls.

Piyush

0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО07-18-2003 01:59 PM

тАО07-18-2003 01:59 PM

Re: What program is using port 111?

Hi Mark:

Try sampling both TCP and UDP:

# lsof -i tcp:111
# lsof -i udp:111

Regards!

...JRF...

0 Kudos
Reply
Mark Tunnell
Advisor

тАО07-18-2003 02:07 PM

тАО07-18-2003 02:07 PM

Re: What program is using port 111?

up2:/ # netstat -an | grep 111
tcp 0 0 *.111 *.* LISTEN
udp 0 0 *.111 *.*
up2:/ #

lup2:/ # lsof -i tcp:111
lup2:/ # lsof -i udp:111

Still nothing. Telnet'ing to port 111 just hangs. Does anyone know what default HP-UX services listen on that port? I'm running 11.11.

Thanks,

Mark
0 Kudos
Reply
Kevin Wright
Honored Contributor

тАО07-18-2003 08:23 PM

тАО07-18-2003 08:23 PM

Solution

Re: What program is using port 111?

As everyone mentioned, rpcbind listens on that port. Try a rpcinfo -p hostname to see what processes are registered with the portmapper, if that is what you mean.

Otherwise, stop the rpcbind process if you don't want it running.
Reply
Mark Tunnell
Advisor

тАО07-21-2003 04:54 PM

тАО07-21-2003 04:54 PM

Re: What program is using port 111?

Thanks. I'm not sure what it's telling me.

lup2:/etc/rc.config.d # rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 rpcbind
100000 3 tcp 111 rpcbind
100000 2 tcp 111 rpcbind
100000 4 udp 111 rpcbind
100000 3 udp 111 rpcbind
100000 2 udp 111 rpcbind
lup2:/etc/rc.config.d #

Does this mean that rpcbind has no portmap services registered? If that's the case and I don't need it how do I stop rpcbind from starting at boot? There's nothing by that name in /etc/rc.config.d.

Mark
0 Kudos
Reply
Con O'Kelly
Honored Contributor

тАО07-21-2003 05:06 PM

тАО07-21-2003 05:06 PM

Re: What program is using port 111?

Hi Mark

Just to clarify rpcbind listens on port 111. Portmap is the old name for rpcbind and was used prior to 11.x.

The rpcinfo is showing you have no other rpc services registered with rpcbind.

rpcbind is started by the /sbin/init.d/nfs.core script.

To stop:
# /sbin/init.d/nfs.core stop.

To stop it starting at boot, update the /etc/rc.config.d/nfsconf file so that
NFS_CLIENT=0
NFS_SERVER=0

Cheers
Con
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.