On Friday 26 October 2001 12:47 pm, Naseer Bhatti wrote: > [...] > and finaly I am posting this to Incodents > [...] > > Hi, I am administrating a Linux box running RedHat 7.1 with 2.4.2-2 kernel. > Infact it's my fiend's box..anyway.. I noticed strange behaviour on the > system. First of all strange ports are opened and the system is also on > some sort of Firewall. Let me explain in detail. > > My Observations ... > > Active Internet connections (servers and established) > Proto Recv-Q Send-Q Local Address Foreign Address State > tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN > tcp 0 0 0.0.0.0:98 0.0.0.0:* LISTEN > > [...] > > like this is the output of netstat -an. I see here port 32768 listening oon > but can't find any data when telnet 0 32768. This port seems to be > something like > the one on port 32768 is rpc.statd (to stop it from running do /etc/rc.d/init.d/nfslock stop) and is normal to be there, the second is the linuxconf web port which will only be on if you have that turned on (to stop it do /etc/rc.d/init.d/linuxconf stop) that will only stop it temporarily, to stop it permanetly run ntsysv and deselect them from the list (use space to do that) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 11:18:43 PDT