Hello,
When I used the Port Scanner in Network Utility, I noticed there were 3 open TCP ports: Port 1110, which had nfs-status as its usage, Port 1538, which linked to 3ds-lm, and Port 53213 which didn't have any identified usage listed, which I found to be suspicious.
Port Scan has started…
Port Scanning host: 127.0.0.1
Open TCP Port: 1110 nfsd-status
Open TCP Port: 1538 3ds-lm
Open TCP Port: 53213
Port Scan has completed…
When I used the netstat -a command in terminal, I saw the following as it related to Port 53213:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 localhost.53213 localhost.57089 CLOSE_WAIT
tcp4 0 0 localhost.57089 localhost.53213 FIN_WAIT_2
and:
tcp4 0 0 localhost.53213 localhost.49875 ESTABLISHED
tcp4 0 0 localhost.49875 localhost.53213 ESTABLISHED
tcp4 0 0 localhost.53213 *.* LISTEN
When I googled Port 53213, I noticed it was associated with a something called Xsan Filesystem Access. I read Xsan may be associated with vulnerabilities. Specifically, I read:
The Problem
There is a buffer overflow vulnerability in the Xsan filesystem driver that may affect systems directly attached to Xsan. An authenticated user with write access to the filesystem may exploit this vulnerability by creating a file with a specially crafted path name.
Impact
A local, authenticated attacker may be able to execute arbitrary code with system privileges, or create a denial-of-service condition.
Does anyone know what these ports are generally associated with? Does anything seem suspicious? What does the foreign address *-* that the open Port 53213 is communicating with mean?
Thank you for your help
When I used the Port Scanner in Network Utility, I noticed there were 3 open TCP ports: Port 1110, which had nfs-status as its usage, Port 1538, which linked to 3ds-lm, and Port 53213 which didn't have any identified usage listed, which I found to be suspicious.
Port Scan has started…
Port Scanning host: 127.0.0.1
Open TCP Port: 1110 nfsd-status
Open TCP Port: 1538 3ds-lm
Open TCP Port: 53213
Port Scan has completed…
When I used the netstat -a command in terminal, I saw the following as it related to Port 53213:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 localhost.53213 localhost.57089 CLOSE_WAIT
tcp4 0 0 localhost.57089 localhost.53213 FIN_WAIT_2
and:
tcp4 0 0 localhost.53213 localhost.49875 ESTABLISHED
tcp4 0 0 localhost.49875 localhost.53213 ESTABLISHED
tcp4 0 0 localhost.53213 *.* LISTEN
When I googled Port 53213, I noticed it was associated with a something called Xsan Filesystem Access. I read Xsan may be associated with vulnerabilities. Specifically, I read:
The Problem
There is a buffer overflow vulnerability in the Xsan filesystem driver that may affect systems directly attached to Xsan. An authenticated user with write access to the filesystem may exploit this vulnerability by creating a file with a specially crafted path name.
Impact
A local, authenticated attacker may be able to execute arbitrary code with system privileges, or create a denial-of-service condition.
Does anyone know what these ports are generally associated with? Does anything seem suspicious? What does the foreign address *-* that the open Port 53213 is communicating with mean?
Thank you for your help