Re: What is port 3 used for?

From: Ajmo (alanjohnmoore@yahoo.com)
Date: 03/23/02


From: Ajmo <alanjohnmoore@yahoo.com>
Date: Sat, 23 Mar 2002 10:45:45 +0100

In article <xnOm8.19$ey6.143@paloalto-snr1.gtei.net>,
 Barry Margolin <barmar@genuity.net> wrote:

> In article <alanjohnmoore-6F7161.23281322032002@talia.mad.ttd.net>,
> Ajmo <alanjohnmoore@yahoo.com> wrote:
> >I've got ipchains set to block all unnecessary ports, but I'm seeing some
> >connections attempts on port#3 and they appear to be coming from email
> >servers. What is port #3 used for? (all I could find was a reference to
> >"source ports") Should I open it up? and if so to who?
>
> RFC 1700 says it's assigned to "Compression Process", but I've never heard
> of this, so I don't think it's a commonly-used application. I've never
> heard of anything actually using port 3, so this seems very suspicious.
>
> If you don't have anything listening on port 3, it shouldn't make a
> difference whether you open it or not. But if you're not listening on port
> 3, there's not much point in opening it.
>
> Are you sure it's not 113, the IDENT port?

It's definitely port 3 and the curious thing is that rechecking my logs
I find that there is output on that port as well, here's an extract from
the log:

Mar 19 18:01:17 xxxx kernel: Packet log: output REJECT eth1 PROTO=1
x.x.x.x:3: 204.215.60.153 3 L=92 S=0xC0 I=49567 F=0x0000 T=255 (#34)

I don't have logging enabled for all traffic so I don't know what came
in to provoke this output.

204.215.60.153 belongs to an ASP that I use for domain hosting (just
email). Any idea why this would be happening?

Thx

Alan

-- 
Alan Moore
Email:ajmo at infomediador dot com
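
Added example, not part of the original post: a small decoder for ipchains "Packet log:" lines. When PROTO=1 (ICMP), ipchains prints the ICMP type and code in the two "port" positions, so the decoder reports them as such instead of as TCP/UDP ports. The sample lines, their addresses (documentation ranges) and the function name decode are constructed for illustration, and the regular expression assumes the standard ipchains field layout.

```python
import re

# Constructed samples in the standard ipchains layout (documentation addresses);
# the first is modelled on the REJECT entry quoted in the post.
ICMP_SAMPLE = ("Mar 19 18:01:17 fw kernel: Packet log: output REJECT eth1 PROTO=1 "
               "192.0.2.10:3 198.51.100.25:3 L=92 S=0xC0 I=49567 F=0x0000 T=255 (#34)")
TCP_SAMPLE = ("Mar 19 18:02:40 fw kernel: Packet log: input DENY eth1 PROTO=6 "
              "198.51.100.25:1025 192.0.2.10:25 L=60 S=0x00 I=4411 F=0x4000 T=52 (#12)")

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<a>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<b>\d+) "
    r"L=(?P<length>\d+)"
)

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
UNREACH_CODES = {0: "network-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed", 13: "administratively-prohibited"}


def decode(line):
    """Return a dict describing one ipchains log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto = int(m.group("proto"))
    a, b = int(m.group("a")), int(m.group("b"))
    rec = {"chain": m.group("chain"), "target": m.group("target"),
           "iface": m.group("iface"), "src": m.group("src"), "dst": m.group("dst"),
           "protocol": PROTOCOLS.get(proto, str(proto)),
           "length": int(m.group("length"))}
    if proto == 1:
        # For ICMP the two "port" fields are really type and code.
        rec["icmp_type"] = ICMP_TYPES.get(a, str(a))
        rec["icmp_code"] = UNREACH_CODES.get(b, str(b)) if a == 3 else str(b)
    else:
        rec["sport"], rec["dport"] = a, b
    return rec


if __name__ == "__main__":
    for sample in (ICMP_SAMPLE, TCP_SAMPLE):
        print(decode(sample))
```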

