Firewall Wizards mailing list archives
Re: Port 37628....Is it just another port or out of the extra ordinary???
From: InHisGrip <servie_platon () yahoo com>
Date: Thu, 22 Jul 2004 10:58:16 -0700 (PDT)
Hi Bruce,

Thank you so much on your suggestions. Incidentally, I am also contemplating on compiling and building my own kernel this way, I could select which options and services that I would need? What do you think?

All of you guys are just awesome! You have given me lots of ideas and I have learned a lot. Thanks again everyone in this group!

InHisGrip,
Servie

--- Bruce Smith <bruce_the_loon () worldonline co za> wrote:

Hi Servie

There's a tool called lsof on most linux systems, if it's not installed by default it'll be on the CD's, that can show which processes have the port open. I think the exact syntax is

lsof -i

That should be able to tell you what has opened the port and from there you should be able to see if it's a trojan or not.

Feel free to send me the output of this if you need a hand.

Regards
Bruce Smith

----- Original Message -----
From: "InHisGrip" <servie_platon () yahoo com>
To: "firewall-wizards" <firewall-wizards () honor icsalabs com>
Sent: Thursday, July 22, 2004 1:52 AM
Subject: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???

Hi everyone,

I have setup an apache web server in my small home network and have configured this web server by enabling port forwarding for web requests and redirection using a non standard port other than port 80. I have also used my dns registrar/provider in particular dyndns.org to do the job of custom dns and redirecting web traffic on my host machine.

My question is related to security/firewall and in particular with linux ports being compromised. Based from the information below, can anyone please let me know if the information I have attached based on open ports or listening ports on the output will somehow compromise my small home network or the linux web server box I have just set up?

Oh, by the way, just wanted to make sure because I have placed the web server in a DMZ port and zone from my linksys router and I think but not sure that I am being shielded and protected at least? Likewise, I have enabled advanced firewall protection on my linksys router.

Am I just paranoid, or is there something to get alarmed especially on port 37628 which has a LISTEN state on all interfaces or on the Internet?

Here is a copy of my netstat -an output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:32769         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8090            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.77:8090       203.218.54.165:4061     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4060     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4063     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4059     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4073     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4072     TIME_WAIT
tcp        0      0 192.168.1.77:8090       203.218.54.165:4074     TIME_WAIT
udp        0      0 0.0.0.0:32768           0.0.0.0:*
udp        0      0 0.0.0.0:750             0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  10     [ ]         DGRAM                    900    /dev/log
unix  2      [ ]         DGRAM                    1464
unix  2      [ ]         DGRAM                    1402
unix  2      [ ]         DGRAM                    1384
unix  2      [ ]         DGRAM                    1370
unix  2      [ ]         DGRAM                    1324
unix  2      [ ]         DGRAM                    1050
unix  2      [ ]         DGRAM                    966
unix  2      [ ]         DGRAM                    908

I am asking this question because the URL below mentioned about a trojan on his system and this could also be happening to mine. Is this a security threat both on UDP and TCP ports 32768 among others?

http://www.linuxquestions.org/questions/archive/4/2002/01/2/11641

Any tips or thoughts on how to eliminate this threat would be highly appreciated.

Thanks in advance.

Regards,
Servie

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
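
Added example (not part of the original thread or written by any of its participants): one way to act on the lsof suggestion above is to first pull the TCP listeners out of `netstat -an`, separate those bound to loopback from those reachable from other hosts, and then ask lsof which process owns each reachable port. The sample input is constructed in the same column layout as the output posted above; the function names are made up for this illustration.

```shell
#!/bin/sh
# Constructed sample in the Linux `netstat -an` column layout.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.77:8090       198.51.100.7:4061       TIME_WAIT
udp        0      0 0.0.0.0:111             0.0.0.0:*'

# classify_listeners (hypothetical helper): reads `netstat -an` text on
# stdin and prints "<scope> <port>" for every TCP socket in LISTEN state.
# scope is "loopback" for 127.x.x.x / ::1 and "exposed" for anything else,
# including the wildcard addresses 0.0.0.0 and :: (all interfaces).
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")          # port is the last colon field
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
      print scope, port
    }' | sort -k2,2n -k1,1 | uniq
}

# owner_commands (hypothetical helper): for each exposed port, print the
# lsof invocation that names the owning process. -n and -P keep addresses
# and ports numeric; -sTCP:LISTEN restricts the result to listening sockets.
owner_commands() {
  classify_listeners |
    awk '$1 == "exposed" { print "lsof -nP -iTCP:" $2 " -sTCP:LISTEN" }'
}

# Demo on the constructed sample; on a live host use: netstat -an | ...
printf '%s\n' "$SAMPLE" | classify_listeners
printf '%s\n' "$SAMPLE" | owner_commands
```

Run the printed lsof commands as root, since an unprivileged user only sees sockets owned by their own processes. A listening socket that lsof cannot attribute to any process usually belongs to a kernel service (NFS lockd is a common case).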
Current thread:
- Port 37628....Is it just another port or out of the extra ordinary??? InHisGrip (Jul 21)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Chuck Swiger (Jul 22)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? InHisGrip (Jul 22)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Paul D. Robertson (Jul 22)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Kerry Thompson (Jul 23)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? InHisGrip (Jul 22)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Luca Berra (Jul 22)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Devdas Bhagat (Jul 22)
- <Possible follow-ups>
- Re: Port 37628....Is it just another port or out of the extra ordinary??? InHisGrip (Jul 23)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Victor Williams (Jul 25)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Mark Tinberg (Jul 26)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? R. DuFresne (Jul 26)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Marcus J. Ranum (Jul 27)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Victor Williams (Jul 25)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Chuck Swiger (Jul 22)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? vbwilliams (Jul 26)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? Mark Tinberg (Jul 26)
- Re: Port 37628....Is it just another port or out of the extra ordinary??? InHisGrip (Jul 26)