Compromised FBSD/Apache

From: Greg S. Wirth (gregat_private)
Date: Sat Nov 16 2002 - 09:11:44 PST

    Hello...
    On November 14, 2002, I noticed a service running on port 127/tcp.
    The box runs only Apache, no SSL.
    The only open ports before this were 21/22/80.
    PHP was installed 5 days prior to this.
    PHP runs in safemode.
    I run netstat -an every morning, which is how I found the issue.
    There were no log entries that showed anything out of the ordinary.
    Users have access to FTP only.
    Connections to port 127 are being blocked by the firewall.
    If anyone would like more information, feel free to contact me.
    Enjoy the day.
    
    --------------------------------
    
    httpd     186   root   18u  IPv4 0xc82d4600        0t0     TCP *:locus-con (LISTEN)
    httpd     186   root   19u  IPv4 0xc82d43e0        0t0     TCP 111-145-58-66-cable.anchorageak.net:http (LISTEN)
    
    BOX DETAILS:
    # uname -a
    FreeBSD 4.7-STABLE #0: Tue Oct 22 09:09:45 AKDT 2002
    
    # ./httpd -v
    Server version: Apache/1.3.28-dev (Unix)
    Server built:   Nov 10 2002 08:35:06
    
    # netstat -an
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    tcp4       0      0  66.58.145.111.80       *.*                    LISTEN
    tcp4       0      0  *.127                  *.*                    LISTEN
    --------------------------------------------------------------------------
    
    -- 
    Greg S. Wirth
    Anchorage, Alaska
    http://rapidfx.org
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
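
The daily `netstat -an` review described in the message can be automated by comparing LISTEN sockets against the ports the poster names as expected (21/22/80). This script is an added example, not part of the original post: the function names are hypothetical, and the sample rows for ports 21 and 22 and the ESTABLISHED row are constructed (the port 80 and 127 rows are taken from the message).

```sh
#!/bin/sh
# Added example: flag TCP listeners whose port is not on an approved list.
# Assumes FreeBSD `netstat -an` output, where the local address is addr.port.

# Usage: netstat -an | unexpected_listeners "21 22 80"
# Prints "proto local-address" for every LISTEN socket on an unapproved port.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only TCP rows in LISTEN state; headers and established flows are skipped.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr
            sub(/^.*\./, "", port)   # the port is whatever follows the last "."
            if (!(port in ok)) print $1, addr
        }
    '
}

# Returns 1 when an unapproved listener exists, so a cron wrapper can alert.
check_listeners() {
    found=$(unexpected_listeners "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    echo "$found" | sed 's/^/unexpected listener: /' >&2
    return 1
}

# Constructed sample input modelled on the output quoted in the message.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  66.58.145.111.80       192.0.2.10.51234       ESTABLISHED
tcp4       0      0  66.58.145.111.80       *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.127                  *.*                    LISTEN
EOF
}

# Demo on the sample data: only the port 127 listener is reported.
sample_netstat | unexpected_listeners "21 22 80"
```

A comparison like this only reports what `netstat` on the host shows, so on a box that may already be compromised it is worth cross-checking against a scan from another machine.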
    


