Just noticed (whilst portscanning myself) that port 775 (entomb) is open.
All I can find in the way of a description is an RFC which is less than informative. Can anyone help me as to finding out what this is? It sounds like some BackOrifice thing. Or am I just paranoid? You should find out which process is bound to this port. Try one of:
fuser -n tcp 775 lsof -i tcp:775
lsof is generally quite a good tool to keep an eye over your server and to check whether some "strange" services run on your host. However you should verify that it is not trojaned then.
Could be some RPC service on that port (given it is TCP, of course), but I'm not sure though...
This is most likely the rpc.mountd. Another nice gimmick, similar to fuser and lsof, is `netstat -anp'.
MfG/Regards, Alexander
Roman.
--
- -
| Roman Drahtmüller