Better do some intrusion detection. It could be a root shell or trojan bound to that port that the intruder removed after you scanned yourself. Also lsof and netstat should help you find which user owns whatever proces is bound to that port. On Mon, 30 Apr 2001, Marko Kaening wrote:
Hi,
running nmap lately on my host revealed some open ports which I couldn't really identify:
1) port 1987 with service named something like "trsrb-p1" (don't remember the name exactly, since the open port vanished after a while)
2) port 1024 with service "unknown"
What are those ports used for? Especially the first one with that strange name I have never seen so far... I coudln't find any hints in /etc/inetd.conf nor in /etc/services.
Regards, Marko
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com