Results 1 to 6 of 6

Thread: Why is port 111 listening for incoming connections from any IP?

  1. 2019-11-12 #1
    hijax
    hijax is offline Junior Member
    Join Date
    2017-Oct
    Posts
    7

    Why is port 111 listening for incoming connections from any IP?

    I downloaded the latest Kali VM for VMWare from OffSec and ran netstat -auntp to check for listening ports when I noticed that both port 111 was listening for incoming connections. I wanted to verify is this is normal since it feels odd to have rpcbind actively accepting connections. Would love feedback on this. Here's the output:

    Code:
    root@kali:~# netstat -auntp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init              
tcp6       0      0 :::111                  :::*                    LISTEN      1/init              
udp        0      0 0.0.0.0:68              0.0.0.0:*                           641/dhclient        
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1/init              
udp6       0      0 :::111  

root@kali:~# lsof -i -P -n | grep LISTEN
systemd     1 root   30u  IPv4  14897      0t0  TCP *:111 (LISTEN)
systemd     1 root   32u  IPv6  14901      0t0  TCP *:111 (LISTEN)
  2. 2019-11-13 #2
    bigbiz
    bigbiz is offline Senior Member
    Join Date
    2016-Dec
    Location
    Canada
    Posts
    326
    Did you google what this port is used for? A unix/linux os mapping port.
  3. 2019-11-14 #3
    hijax
    hijax is offline Junior Member
    Join Date
    2017-Oct
    Posts
    7
    Yes I did but the question I have is why it's listening for incoming connections from any IP.
  4. 2019-11-19 #4
    bigbiz
    bigbiz is offline Senior Member
    Join Date
    2016-Dec
    Location
    Canada
    Posts
    326
    My guess you scanned a network and for some reason the service kept running. Used dsploit for instance
  5. 2019-11-19 #5
    Mister_X
    Mister_X is offline Senior Member
    Join Date
    2016-Dec
    Posts
    806
    It's one of the systemd services. This is kinda confusing, systemd assumes the port.

    List the services and figure out what services are running, then see if they have any port.

    grep 111 /etc/services
    It will show RPC, and there is a rpc service.
    systemctl stop rpcbind.socket
  6. 2019-11-22 #6
    hijax
    hijax is offline Junior Member
    Join Date
    2017-Oct
    Posts
    7
    Quote Originally Posted by Mister_X View Post
    It's one of the systemd services. This is kinda confusing, systemd assumes the port.

    List the services and figure out what services are running, then see if they have any port.

    grep 111 /etc/services
    It will show RPC, and there is a rpc service.
    systemctl stop rpcbind.socket
    Thank you @Mister_X. Yeah I had already done that & stopped the service so thank you for the confirmation. My main concern is checking to see if it was necessary to have it running. I haven't seen any issues since disabling rpcbind yet.

Similar Threads

  1. VNC server only listening to localhost
    By Ali736 in forum NetHunter General Questions
    Replies: 1
    Last Post: 2021-11-06, 16:12
  2. Win-KeX - Cannot establish any listening sockets
    By mia2wa in forum TroubleShooting Archive
    Replies: 0
    Last Post: 2021-02-20, 19:51
  3. OpenVAS listening on external ip
    By JimboV in forum General Archive
    Replies: 1
    Last Post: 2017-12-09, 21:45
  4. Kali 2.0 refuses incoming ssh connections
    By skorpinok in forum TroubleShooting Archive
    Replies: 1
    Last Post: 2016-01-02, 18:59

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules