Have you tried to strace it from the startup to the end ?
You would sure see the creation of this port and know more.
That’s the technique I use when the software is blackbox to me.
My strace invocation is using
/usr/bin/strace -fF -ttT -v -o strace.log -s 255 <PROGRAM>
++Cyrille
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org]
On Behalf Of Sreekanth Sukumaran
Sent: Monday, September 26, 2016 12:59 PM
To: openldap-technical@openldap.org
Subject: OpenLDAP server attack surface analysis shows UDP port 63515 in unknown state
Sorry, I missed to add subject in the last mail. Resending with subject. sorry about spamming the group
Hi All,
OpenLDAP version : 2.4.39 on windows
Tool used : Microsoft Attack surface analyzer
We have been doing attack surface analysis on OpenLDAP server, and we have found that there is an UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
Has anyone an idea on what this port could be for. Inputs are much appreciated.
--
Regards,
Sreekanth
--
Regards,
Sreekanth
09036794524