Security Basics mailing list archives
Re: Unknow process listening on high port
From: Shawn Badger <sbadger () cskauto com>
Date: Thu, 27 Oct 2005 07:44:46 -0700
Fuser says the port is here, but gives no more information. I have ran chkrootkit on the servers and fortunately they both came back clean. I have also started watching traffic on the ports in question and noticed every so often that and pulls a couple test web pages. This is part of the High availability service and just using that high port to connect to the other server. I am not seeing any connections coming into the port in 24 hours of monitoring. I will keep monitoring and see what I find. Does anyone know why netstat reports a - for the pid though? On Tue, 2005-10-25 at 16:26 -0500, Bob Hacker wrote: > fuser -v -n tcp 39207 > > -bob > > > > On 10/25/05, Shawn Badger <sbadger () cskauto com> wrote: > I have been auditing a couple of my Suse enterprise 9 servers > and have > come across a different port on each of them that doesn't show > up when I > use lsof, but show up in nmap and netstat. The ports are > 39207/tcp on > one server and 49751/tcp on the other. When I do lsof -i -n > and grep it > for the proper port I get no output. When I do netstat -ap I > get an > output, but the pid shows up as -. I haven't seen a process > show up as a > - before and don't where to start looking for that process. > Here is the > output of the netstat: > server1:~# netstat -ap |grep 39207 > > tcp 0 0 *:39207 *:* > LISTEN - > > > I get the same results on the other server as well Any ideas > would be > appreciated. > > > >
Current thread:
- Unknow process listening on high port Shawn Badger (Oct 25)
- Re: Unknow process listening on high port David (Oct 26)
- Re: Unknow process listening on high port Bryan Andrews (Oct 26)
- Message not available
- Re: Unknow process listening on high port Shawn Badger (Oct 26)
- Re: Unknow process listening on high port Justin (Oct 31)
- Re: Unknow process listening on high port Shawn Badger (Oct 31)
- Re: Unknow process listening on high port Adam (Oct 31)
- Re: Unknow process listening on high port Shawn Badger (Oct 26)
- <Possible follow-ups>
- Re: Unknow process listening on high port Steve.Cummings (Oct 26)
- Re: Unknow process listening on high port Shawn Badger (Oct 27)