Network Security - Open TCP Port 53213 Question

gkr75
New Member
Posts: 3
Joined: Tue Sep 12, 2017 11:17 pm

Post by gkr75 »

Hello,

When I used the Port Scanner in Network Utility, I noticed there were 3 open TCP ports: Port 1110, which had nfs-status as its usage, Port 1538, which linked to 3ds-lm, and Port 53213 which didn't have any identified usage listed, which I found to be suspicious.

When I used the netstat -a command in terminal, I saw the following as it related to Port 53213:

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 localhost.53213 localhost.57089 CLOSE_WAIT
tcp4 0 0 localhost.57089 localhost.53213 FIN_WAIT_2

and:

tcp4 0 0 localhost.53213 localhost.49875 ESTABLISHED
tcp4 0 0 localhost.49875 localhost.53213 ESTABLISHED
tcp4 0 0 localhost.53213 *.* LISTEN

When I googled Port 53213, I noticed it was associated with something called Xsan Filesystem Access. I read Xsan may be associated with vulnerabilities. Specifically, I read:

The Problem
There is a buffer overflow vulnerability in the Xsan filesystem driver that may affect systems directly attached to Xsan. An authenticated user with write access to the filesystem may exploit this vulnerability by creating a file with a specially crafted path name.
Impact
A local, authenticated attacker may be able to execute arbitrary code with system privileges, or create a denial-of-service condition.

Does anyone know what these ports are generally associated with? Does anything seem suspicious? What does the foreign address *.* that the open Port 53213 is communicating with mean?

Thank you for your help
Philip
SG VIP
Posts: 11527
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Hello,

There are a number of apps that just use random ports in the "dynamic" range of ports 49152-65535.

So, you have some app listening to port 53213. Yes, if you are on Apple this could be Xsan, but it could be a number of other things as well. Check port 49152 for possibilities for the dynamic range of ports: https://www.speedguide.net/port.php?port=49152

Also, look at this FAQ:
https://www.speedguide.net/faq/how-can- ... mputer-115

You'd want to use the netstat command with the "-o" switch to find out the owning processes of these listening ports, then use task manager (or the equivalent in your OS) to find out exactly which process is using these ports. Once you establish which process uses them, you can look up possible vulnerabilities, updates, and decide whether you want it listening open to the world or behind a firewall.

I hope this helps :)
gkr75
New Member
Posts: 3
Joined: Tue Sep 12, 2017 11:17 pm

Post by gkr75 »

First off, thank you for your reply.

"So, you have some app listening to port 53213. Yes, if you are on Apple this could be Xsan"

Yes, I'm using a Mac. What exactly is Xsan? I read that it's been associated with vulnerabilities related to viruses and remote access trojans. Also, why does the Network Utility show a blank process next to port 53213 when the other open ports do show a process:

Port Scanning host: 127.0.0.1

Open TCP Port: 1110 nfsd-status
Open TCP Port: 1538 3ds-lm
Open TCP Port: 53213


"You'd want to use the netstat command with the "-o" switch to find out the owning processes of these listening ports"

When I typed the netstat -o command (the exact same way I did when I typed netstat -a, except for the change of letters of course), it returned: netstat: "illegal option -- o"

Is there something I'm doing wrong?

Lastly, when I ran the netstat -a command just now, I got the following:

tcp4 0 0 localhost.53213 localhost.55851 ESTABLISHED
tcp4 0 0 localhost.55851 localhost.53213 ESTABLISHED
tcp4 0 0 localhost.53213 *.* LISTEN

In this case, localhost.49875 has been changed to localhost.55851 since the first time I ran the netstat -a command. Does this indicate anything suspicious? Thank you again for your help
Philip
SG VIP
Posts: 11527
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

I believe OSX uses the BSD version of netstat, which does not show process IDs. It might if you use the -v switch to increase verbosity level?

I'd try the following to see the process id if netstat doesn't work:

lsof -i :53213


Not sure about Xsan vulnerabilities; you may want to research it further, but keeping your OS up to date should most likely take care of the more glaring issues.
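An added example, not part of any post in the thread: a shell function that reads BSD-style netstat rows like those posted above and reports, for one port, whether each row is the listener, an accepted connection, or the connecting side, and whether the listener is bound to loopback only. The function names and output labels are this example's own, and the sample rows are constructed from the output shown in the thread.

```shell
#!/bin/sh
# Added example: classify BSD-style netstat rows that involve one TCP port.
# Input columns: proto recv-q send-q local foreign state (addresses are host.port).

classify_port() {
    # $1 = port to inspect; netstat rows are read from stdin
    awk -v port="$1" '
    function host(a) { sub(/\.[^.]*$/, "", a); return a }   # text before the last dot
    function pnum(a) { sub(/^.*\./, "", a); return a }       # text after the last dot
    function is_loop(h) { return h == "localhost" || h == "127.0.0.1" || h == "::1" }
    $1 ~ /^tcp/ && NF >= 6 {
        lh = host($4); lp = pnum($4); fh = host($5); fp = pnum($5)
        if (lp == port && $6 == "LISTEN") {
            # A listener has no peer yet, so netstat prints the foreign address as *.*
            if (is_loop(lh))     scope = "loopback-only"
            else if (lh == "*")  scope = "all-interfaces"
            else                 scope = "bound-to-" lh
            print "listener " scope
        } else if (lp == port) {
            # Accepted connection: the port is local, the peer used a short-lived port
            print "accepted peer=" (is_loop(fh) ? "local" : "remote:" fh) " peer_port=" fp " " $6
        } else if (fp == port) {
            # The same connection seen from the connecting side
            print "client local_port=" lp " " $6
        }
    }'
}

# Constructed sample: rows matching the netstat -a output posted in the thread.
sample_rows() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 localhost.53213 localhost.49875 ESTABLISHED
tcp4 0 0 localhost.49875 localhost.53213 ESTABLISHED
tcp4 0 0 localhost.53213 *.* LISTEN
EOF
}

sample_rows | classify_port 53213
```

On macOS the function can be fed live with `netstat -an -p tcp | classify_port 53213`; `lsof -i :53213`, as suggested in the thread, then names the owning process.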