Security Basics mailing list archives
Re: Unknow process listening on high port
From: <Steve.Cummings () barclayscapital com>
Date: Tue, 25 Oct 2005 17:45:33 +0100
First thing I would check is if any traffic is going to them with tcpdump or snoop, also would take a look at your system around the port as have seen trojans that are port independant and usually replace original binary or a piece of code. Not sure if these are personal or corporate systems but there should be some tool you could run that checks the system or unwanted software -----Original Message----- From: Shawn Badger <sbadger () cskauto com> To: security-basics () securityfocus com <security-basics () securityfocus com> Sent: Tue Oct 25 14:33:16 2005 Subject: Unknow process listening on high port I have been auditing a couple of my Suse enterprise 9 servers and have come across a different port on each of them that doesn't show up when I use lsof, but show up in nmap and netstat. The ports are 39207/tcp on one server and 49751/tcp on the other. When I do lsof -i -n and grep it for the proper port I get no output. When I do netstat -ap I get an output, but the pid shows up as -. I haven't seen a process show up as a - before and don't where to start looking for that process. Here is the output of the netstat: server1:~# netstat -ap |grep 39207 tcp 0 0 *:39207 *:* LISTEN - I get the same results on the other server as well Any ideas would be appreciated. ------------------------------------------------------------------------ For more information about Barclays Capital, please visit our web site at http://www.barcap.com. Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message. Although the Barclays Group operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group. Replies to this email may be monitored by the Barclays Group for operational or business reasons. ------------------------------------------------------------------------
Current thread:
- Unknow process listening on high port Shawn Badger (Oct 25)
- Re: Unknow process listening on high port David (Oct 26)
- Re: Unknow process listening on high port Bryan Andrews (Oct 26)
- Message not available
- Re: Unknow process listening on high port Shawn Badger (Oct 26)
- Re: Unknow process listening on high port Justin (Oct 31)
- Re: Unknow process listening on high port Shawn Badger (Oct 31)
- Re: Unknow process listening on high port Adam (Oct 31)
- Re: Unknow process listening on high port Shawn Badger (Oct 26)
- <Possible follow-ups>
- Re: Unknow process listening on high port Steve.Cummings (Oct 26)
- Re: Unknow process listening on high port Shawn Badger (Oct 27)