Background
I just recently installed Mandrake 9.0 on my computer Multibooting with winxp and win 98.
I have internet access through a wireless network server.
_____

About every minute when I run under Linux it broadcasts on port 513 to all computers. ( not a very good security idea, as it is saying here is my IP address to all the other computers in town, now try to hack me)
I am wondering how to disable this. It is also getting very annoying, because on the other computers in my office it sets off a firewall alert each time.

Do

netstat -p

to see the name and pid number of the process.

Can not find 513 in the log.
It is reported by the firewall log on windows computer as port 513 so what should i look for in the netstat -p list.

If it would help i can attach the textfile of the netstat -p report.

Thank you for your help.

login 513/tcp remote login a la telnet;
# automatic authentication performed
# based on priviledged port numbers
# and distributed data bases which
# identify "authentication domains"
who 513/udp maintains data bases showing who's
# logged in to machines on a local
# net and the load average of the
# machine



Why would you be running that? I'd say for the average home user it's pretty safe to disable.


If you ever have a question about what a port is for:

http://www.iana.org/assignments/port-numbers

Port 513 is used for the following UNIX specific services:

TCP - login
UDP - who

From the sound of things, somebody (or machine) is asking a question, and your machine is more than happy to answer.

There are port scanners available for you to see what is open and/or visible on your system. NMAP is one such scanner.

Originally posted by agconsult
Can not find 513 in the log.
It is reported by the firewall log on windows computer as port 513 so what should i look for in the netstat -p list.

If it would help i can attach the textfile of the netstat -p report.

Thank you for your help.


Do

man netstat

for a complete outline of netstat and its usability.

Having no luck trying to find what process is talking on 513, now also 32770 and 32773.
Removed everything I could find relating to telnet

Now since the remote computer is receiving on 513
shouldn't the sending computer also be sending on port 513 or am I missing something?
I do not have a lot of network experience but have in the past not had any problems setting them up.

This is getting annoying.

ps I was unaware of the man command Thanks!

That's filenet and an unassigned port. For some reason those numbers ring a bell though. I'd do a google search on those port numbers and see what you come up with. I seem to remember explicitly blocking them in my PIXes at work, but I can't remember what for. Some app (P2P maybe?) using them in ways we didn't want them used.

----edit:
I forgot to put this in the first time: There is such a thing as cross-port mapping. Just because one end is sending/recieving on a particular port, does not always mean the other computer is sending/recieving on the same port.

From your box (I assume it has internet access from the thread so far) open a browser connection to http://www.mycgiserver.com/servlet/kalish.Security
An alternative to this is http://grc.com/default.htm and click on the link 'shields up'
Both systems will scan your ports and report to you on exposed (commonly used) ports, including 513.

Otherwise I'd suggest locking down your firewall. An alternate to this is to set up port forwarding in your iptables/network config and send port 513 requests to a non-existent, non-routable IP address such as 192.168.1.1. The latter method bugs the heck out of the script-kiddies since they have to wait for the time-outs to report 'no response' - wastes their time and doesn't cost you a penny!!

Hope that helps!!

Ok went to mycgiserver: Reports 113 and 135 closed all others stealth

Trying to use shorewall
set up these rules and restarted shorewall
DROP net net tcp 513
DROP net net udp 513

(just trying to get one port at a time to shut up.)
The above rules had no effect.

another question?
How do I get shorewall to automatically start @ Boot.

Once again Thanks for any and all help.

Update:
I finally figured out what service was broadcasting on port 513. It was rwhod.
I got rid of it by removing rwho-0.17-7mdk.
I finally figured it out by lookiong in /var/log/messages.

Just thought I would pass this on in case anyone else had this problem.