Security Incidents mailing list archives
Re: Analysing a rooted Irix 6.5 box
From: Geoff the UNIX guy <galitz () UCLINK BERKELEY EDU>
Date: Fri, 23 Feb 2001 14:02:23 -0800
Because of the lack lsof, here is what I do for IRIX boxes,I run a port mapper up the entire range of ports. I tend to use nmap with the versions patch available from: ftp://shrike.cchem.berkeley.edu/pub/springfield/nmap-2.54b4+V-2.3.tar.gz This tells me what ports are open to the network and the version patch will even tell me if something like ssh is running on an unusual port (like port 3, which I have seen from time to time). Note that you have specifically tell nmap to scan the entire range of valid ports. By default, it does not go all the way to 65535. After doing that, you can run fuser on any network ports which seem unusual. It's not a complete solution, but it is helpful. -geoff On Fri, 23 Feb 2001, Jeff Rosendale wrote:
Does anybody know of another tool for determining port usage on Irix?you can also try fuser: /sbin/fuser -f 9090/tcp which should return all processes using sockets bound or connected to the specified port/protocol. Jeff Rosendale
--------------------------------------------------- Geoff Galitz, galitz () uclink berkeley edu Research Computing College of Chemistry, UC Berkeley --------------------------------------------------- The laws of physics can be a harsh mistress... - Bender
Current thread:
- Analysing a rooted Irix 6.5 box Bill Royds (Feb 23)
- Message not available
- Re: Analysing a rooted Irix 6.5 box Jeff Rosendale (Feb 23)
- Re: Analysing a rooted Irix 6.5 box Geoff the UNIX guy (Feb 23)
- Re: Analysing a rooted Irix 6.5 box Jeff Rosendale (Feb 23)
- Message not available
- <Possible follow-ups>
- Re: Analysing a rooted Irix 6.5 box Moran, Darrin (Feb 23)