Re: Strange Behaviour !

From: dewt (dewtat_private)
Date: Fri Oct 26 2001 - 11:13:46 PDT

  • Next message: Naseer Bhatti: "Re: Strange Behaviour !"

    On Friday 26 October 2001 12:47 pm, Naseer Bhatti wrote:
    > [...]
    >     and finaly I am posting this to Incodents
    > [...]
    > Hi, I am administrating a Linux box running RedHat 7.1 with 2.4.2-2 kernel.
    > Infact it's my fiend's box..anyway.. I noticed strange behaviour on the
    > system. First of all strange ports are opened and the system is also on
    > some sort of Firewall. Let me explain in detail.
    > My Observations ...
    > Active Internet connections (servers and established)
    > Proto Recv-Q Send-Q Local Address           Foreign Address         State
    > tcp        0      0*               LISTEN
    > tcp        0      0    *               LISTEN
    > [...]
    > like this is the output of netstat -an. I see here port 32768 listening oon
    > but can't find any data when telnet 0 32768. This port seems to be
    > something like
    the one on port 32768 is rpc.statd (to stop it from running do 
    /etc/rc.d/init.d/nfslock stop) and is normal to be there, the second is the 
    linuxconf web port which will only be on if you have that turned on (to stop 
    it do /etc/rc.d/init.d/linuxconf stop) that will only stop it temporarily, to 
    stop it permanetly run ntsysv and deselect them from the list (use space to 
    do that)
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 11:18:43 PDT