Security Incidents mailing list archives
Re: Strange Behaviour !
From: dewt <dewt () kc rr com>
Date: Fri, 26 Oct 2001 13:13:46 -0500
On Friday 26 October 2001 12:47 pm, Naseer Bhatti wrote:
[...] and finaly I am posting this to Incodents [...] Hi, I am administrating a Linux box running RedHat 7.1 with 2.4.2-2 kernel. Infact it's my fiend's box..anyway.. I noticed strange behaviour on the system. First of all strange ports are opened and the system is also on some sort of Firewall. Let me explain in detail. My Observations ... Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:98 0.0.0.0:* LISTEN [...] like this is the output of netstat -an. I see here port 32768 listening oon but can't find any data when telnet 0 32768. This port seems to be something like
the one on port 32768 is rpc.statd (to stop it from running do /etc/rc.d/init.d/nfslock stop) and is normal to be there, the second is the linuxconf web port which will only be on if you have that turned on (to stop it do /etc/rc.d/init.d/linuxconf stop) that will only stop it temporarily, to stop it permanetly run ntsysv and deselect them from the list (use space to do that) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Strange Behaviour ! Naseer Bhatti (Oct 26)
- Re: Strange Behaviour ! dewt (Oct 26)
- Re: Strange Behaviour ! Naseer Bhatti (Oct 26)
- Re: Strange Behaviour ! Christian Vogel (Oct 26)
- Re: Strange Behaviour ! dewt (Oct 26)