udp 799 open port


ddaas
07-11-2005, 10:04 AM
The UDP:799 port is open on my RHEL 3 server.
I can't find which service is behind it. I've tried everything with no success. Now I suspect it to be a backdoor or something like this :(


1. # nmap -sU localhost
799/udp open unknown
2. netstat -tupan | grep 799
udp 0 0 0.0.0.0:799 0.0.0.0:* -
3. lsof -i :799 -> nothing

4. lsof -V -i UDP -> nothing related


Do you have any idea? I think it is very difficult or impossible to find what is behind this port.

What could I do next? Please give me some hints!!


Thanks in advance!
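
An added example (not part of the original thread): the correlation that `netstat -p` and `lsof` perform, done by hand from `/proc/net/udp` and `/proc/<pid>/fd`, to list UDP sockets that no visible process holds open. The sample table and the names `parse_udp_table`, `socket_owners` and `unowned` are constructed for illustration; the address decoding assumes a little-endian host, and the script needs root to see every process.

```python
import os, socket, struct

# Constructed sample of /proc/net/udp (not taken from the original thread).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:031F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4711
   1: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4822
"""

def parse_udp_table(text):
    """Return [(ip, port, uid, inode)] for each socket row of /proc/net/udp text."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        addr_hex, port_hex = f[1].split(":")
        # Assumption: little-endian host, so the hex word is byte-swapped IPv4.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        rows.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> set of PIDs that have it open (scan of /proc/<pid>/fd)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                         # process exited or access denied
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith("socket:["):
                owners.setdefault(int(target[8:-1]), set()).add(int(pid))
    return owners

def unowned(rows, owners):
    """Rows of the UDP table whose inode no visible process has open."""
    return [r for r in rows if r[3] not in owners]

if __name__ == "__main__":
    with open("/proc/net/udp") as fh:
        table = parse_udp_table(fh.read())
    for ip, port, uid, inode in unowned(table, socket_owners()):
        print(f"{ip}:{port} uid={uid} inode={inode} has no owning process")
```

A socket this reports while running as root has no user-space process holding it, which is the same condition the `-` in the `netstat` output and the empty `lsof` result describe.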

sharth
07-11-2005, 10:32 AM
If this port is blocked by a firewall, try unblocking it and scanning again. I wouldn't be surprised if it then showed up as closed.

http://www.dslreports.com/forum/remark,1006026~root=equip,16~mode=flat

"Open" basically means that it didn't receive a "this port is closed" message. That means that it's certainly possible for no machine to be there, or for an open port to exist.

ddaas
07-11-2005, 11:33 AM
UDP:799 is not filtered.
I set up a sniffer and I don't get back any ICMP dest port unreachable. In fact I don't get back anything from this port.
I've tried to scan other UDP ports, and if the port is closed I get back ICMP dest port unreachable, so my IP/TCP stack works as it is supposed to work.

I tell you, I've already tried almost everything. :(

JamminJoeyB
07-11-2005, 01:53 PM
I think this may answer your port 799 issue:
http://seclists.org/lists/incidents/2000/Sep/0165.html

ddaas
07-12-2005, 05:22 AM
Thanks for that link!