Re: Strange Behaviour !

[dewt <dewt () kc rr com>]

On Friday 26 October 2001 12:47 pm, Naseer Bhatti wrote:
> [...]
>     and finaly I am posting this to Incodents
> [...]
>
> Hi, I am administrating a Linux box running RedHat 7.1 with 2.4.2-2 kernel.
> Infact it's my fiend's box..anyway.. I noticed strange behaviour on the
> system. First of all strange ports are opened and the system is also on
> some sort of Firewall. Let me explain in detail.
>
> My Observations ...
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 0.0.0.0:32768        0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:98              0.0.0.0:*               LISTEN
>
> [...]
>
> like this is the output of netstat -an. I see here port 32768 listening oon
> but can't find any data when telnet 0 32768. This port seems to be
> something like
the one on port 32768 is rpc.statd (to stop it from running do 
/etc/rc.d/init.d/nfslock stop) and is normal to be there, the second is the 
linuxconf web port which will only be on if you have that turned on (to stop 
it do /etc/rc.d/init.d/linuxconf stop) that will only stop it temporarily, to 
stop it permanetly run ntsysv and deselect them from the list (use space to 
do that)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com