Why is port 1111 open, and is it safe to be?

security networking linux port tcp

Solution 1:

According to this reference:

Because protocol TCP port 1111 was flagged as a virus (colored red) does not mean that a virus is using port 1111, but that a Trojan or Virus has used this port in the past to communicate.

So, it could be a virus/trojan.

I would recommend you to use Net Activity Viewer to determine what process/service is keeping this port on listening state:

enter image description here

After this, Google the process name to see if there are any viruses related to this process and to this port.

Finally, if you think it is a virus, just follow the instructions guided here.

Solution 2:

You can use lsof -i :1111 to find the process connected to port 1111.

Solution 3:

IANA's (Internet Assigned Numbers Authority) port description is:

1111 tcp,udp lmsocialserver LM Social Server

But its also known to be used by 

1111    tcp trojan  Daodan, Ultors Trojan   Trojans
1111    udp trojan  Daodan  Trojans
1111    tcp threat  W32.Suclove Bekkoame
1111    tcp,udp threat  AIMVision   Bekkoame

Trojans that use this port:
    Backdoor.AIMvision - remote access trojan, 10.2002. Affects all current Windows versions.
    Backdoor.Ultor - remote access trojan, 06.2002. Affects Windows, listens on port 1111 or 1234.
    Backdoor.Daodan - VB6 remote access trojan, 07.2000. Affects Windows.
    W32.Suclove.A@mm (09.26.2005) - a mass-mailing worm with backdoor capabilities that spreads through MS Outlook and MIRC. Opens a backdoor and listens for remote commands on port 1111/tcp.

Sources:

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

http://www.speedguide.net/port.php?port=1111

Solution 4:

Check /etc/services

Generally, you can find standard service ports listed in /etc/services. However, on my system:

fgrep 1111 /etc/services

returns no information, so it's probably not a standard service.

Check netstat

You can see what programs are using a given port with netstat.

sudo netstat -lntp | fgrep 1111

You can then use that information to determine if it's a necessary system service for your environment.

Stopping Unnecessary Processes

Stopping system processes is somewhat platform-specific, but many Linux systems support a sudo service ssh stop or similar command, or you can call the startup script directly with sudo /etc/init.d/<service> stop. If it's not a system service, you can just call sudo kill <pid> to send SIGTERM to the process.

Note that stopping a service doesn't prevent it from running again, so you may also need to adjust your runlevel startup scripts in whatever way is appropriate for your specific platform.

Solution 5:

This speedguide.net page indicates that TCP port 1111 is used by an app called LikeMinds Socialserver, but it also says it's known to be used by several malware apps. Perhaps a full malware scan of your disk is in order.

Related

Unable to install ia32-libs
Do multi-core CPUs still suffer from diminishing returns in today's world?
How can I block social share buttons in webpages [duplicate]
Is there any way to override HTML's target="_blank" behavior as an end user?
Increasing link speed on OpenVPN (bandwidth)
Can you change permission to all files except one directory in Linux?
CentOS Live CD vs Live DVD download
Why is my default browser setting being ignored?
How to resize font size on window title bar on gnome?
How can I scp when path and / or filename to copy has spaces?
What does shiftwidth do in VIM editor
Recursively list full absolute path of files with permissions in Linux