Re: Strange Behaviour !

From: dewt (dewtat_private)
Date: Fri Oct 26 2001 - 11:13:46 PDT


    On Friday 26 October 2001 12:47 pm, Naseer Bhatti wrote:
    > [...]
    >     and finally I am posting this to Incidents
    > [...]
    >
    > Hi, I am administrating a Linux box running RedHat 7.1 with 2.4.2-2 kernel.
    > In fact it's my friend's box..anyway.. I noticed strange behaviour on the
    > system. First of all strange ports are opened and the system is also on
    > some sort of Firewall. Let me explain in detail.
    >
    > My Observations ...
    >
    > Active Internet connections (servers and established)
    > Proto Recv-Q Send-Q Local Address           Foreign Address         State
    > tcp        0      0 0.0.0.0:32768        0.0.0.0:*               LISTEN
    > tcp        0      0 0.0.0.0:98              0.0.0.0:*               LISTEN
    >
    > [...]
    >
    > like this is the output of netstat -an. I see here port 32768 listening on
    > but can't find any data when telnet 0 32768. This port seems to be
    > something like
    >
    The one on port 32768 is rpc.statd (to stop it from running do 
    /etc/rc.d/init.d/nfslock stop) and is normal to be there. The second is the 
    linuxconf web port, which will only be on if you have that turned on (to stop 
    it do /etc/rc.d/init.d/linuxconf stop). That will only stop it temporarily; to 
    stop it permanently run ntsysv and deselect them from the list (use space to 
    do that).
    
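The reply above attributes port 32768 to rpc.statd, which gets its port from the portmapper rather than using a fixed one. The following is an added example, not part of the original message: it cross-references `netstat -an` listeners against `rpcinfo -p` registrations so that such ports can be identified. The function name `label_listeners` is hypothetical and the rpcinfo rows are constructed sample data (rpc.statd registers as RPC program 100024, "status").

```shell
#!/bin/sh
# Added example: label LISTEN sockets from `netstat -an` with the RPC
# service (from `rpcinfo -p`) that registered the same TCP port.

# The two netstat rows are the ones quoted in the message.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:98              0.0.0.0:*               LISTEN'

# Constructed rpcinfo listing (assumed, not taken from the message).
RPCINFO_SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status'

# label_listeners NETSTAT_TEXT RPCINFO_TEXT
# Prints "port<TAB>label" once per listening TCP port, in netstat order.
label_listeners() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { in_netstat = 1; next }
        # rpcinfo rows: program vers proto port [name]
        !in_netstat && $3 == "tcp" && $4 ~ /^[0-9]+$/ {
            name = ($5 != "") ? $5 : "unnamed"
            rpc[$4] = name " (rpc program " $1 ")"
            next
        }
        # netstat rows: TCP sockets in LISTEN state only
        in_netstat && $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":"); port = a[n]   # last field also works for IPv6
            if (port in seen) next
            seen[port] = 1
            label = (port in rpc) ? rpc[port] : "not registered with portmapper"
            printf "%s\t%s\n", port, label
        }'
}

label_listeners "$NETSTAT_SAMPLE" "$RPCINFO_SAMPLE"
```

On a live host, call it as `label_listeners "$(netstat -an)" "$(rpcinfo -p)"`. A port reported as not registered with portmapper, such as 98 here, is not an RPC service and has to be traced another way.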
    


