Security Incidents mailing list archives

Re: Analysing a rooted Irix 6.5 box


From: Geoff the UNIX guy <galitz () UCLINK BERKELEY EDU>
Date: Fri, 23 Feb 2001 14:02:23 -0800

Because of the lack of lsof, here is what I do for IRIX boxes: I run a port
mapper up the entire range of ports.

I tend to use nmap with the versions patch available from:
ftp://shrike.cchem.berkeley.edu/pub/springfield/nmap-2.54b4+V-2.3.tar.gz
This tells me what ports are open to the network and the version
patch will even tell me if something like ssh is running on
an unusual port (like port 3, which I have seen from time to time).
Note that you have to specifically tell nmap to scan the entire range
of valid ports. By default, it does not go all the way to 65535.

After doing that, you can run fuser on any network ports which
seem unusual. It's not a complete solution, but it is helpful.

-geoff



On Fri, 23 Feb 2001, Jeff Rosendale wrote:


Does anybody know of another tool for determining port usage on Irix?


You can also try fuser:

/sbin/fuser -f 9090/tcp

which should return all processes using sockets bound or connected to
the specified port/protocol.



Jeff Rosendale


---------------------------------------------------
Geoff Galitz, galitz () uclink berkeley edu
Research Computing
College of Chemistry, UC Berkeley
---------------------------------------------------
     The laws of physics can be a harsh mistress...
        - Bender
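
The triage described in the message above (scan the full port range, then run fuser on anything unexpected), as an added example that is not part of the original post. It assumes nmap's grepable output (`-oG`), a constructed sample scan line, and a hypothetical baseline of expected ports; the fuser invocation follows the form quoted in the thread.

```shell
#!/bin/sh
# Added example: compare a full-range nmap scan against a baseline of
# expected listeners and emit the fuser checks for whatever is left over.
# The scan itself would be produced on the analyst's side with, e.g.:
#   nmap -p 1-65535 -oG scan.gnmap <host>

# Constructed sample of grepable output (not a real scan).
SAMPLE_GNMAP=$(printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: closed (65530)\n' \
  '3/open/tcp//compressnet///, 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 111/open/tcp//sunrpc///, 9090/open/tcp/////')

# Hypothetical baseline: TCP ports this host is supposed to listen on.
BASELINE_TCP="22 111"

# Read grepable nmap output on stdin; print open TCP ports, one per line.
open_tcp_ports() {
    awk -F'Ports: ' '/Ports: / {
        p = $2
        sub(/\t.*/, "", p)              # drop fields after the port list
        n = split(p, entry, /, */)
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")     # port/state/proto/owner/service/...
            if (f[2] == "open" && f[3] == "tcp") print f[1]
        }
    }' | sort -n | uniq
}

# Print only the open ports that are not in the baseline.
unusual_tcp_ports() {
    open_tcp_ports | while read -r port; do
        case " $BASELINE_TCP " in
            *" $port "*) ;;             # expected listener, skip
            *) echo "$port" ;;
        esac
    done
}

# Print the fuser command to run on the host for each unusual port.
fuser_commands() {
    unusual_tcp_ports | while read -r port; do
        echo "/sbin/fuser -f $port/tcp"
    done
}

printf '%s\n' "$SAMPLE_GNMAP" | fuser_commands
```

The printed commands are meant to be run on the IRIX host itself, since fuser only sees local processes.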

