Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] server-check
  • From: Togan Muftuoglu <toganm@xxxxxxxx>
  • Date: Sat, 10 Feb 2001 12:55:15 +0200
  • Message-id: <20010210125515.A5367@xxxxxxxxxxxxx>
On Sat, Feb 10, 2001 at 11:14:17AM +0100, Raffy wrote:
> Hey,
>
> > Port State Service
> > 22/tcp open ssh
> > 25/tcp open smtp
> > 37/tcp open time
>
> Are you sure you need this???
I am using ssh and smtp

>
> > 80/tcp open http
> > 111/tcp open sunrpc
>
> And this? It's kind of dangerous to have this running. A lot of exploits are
> floating around which are attacking this service.
> Unless you _really_ need it. Close it up! Or block it at the firewall at
> least!!!

Will do asap

>
> > 119/tcp open nntp
>
> Sure you are using this?
I have Leafnode running with hosts.deny leafnode:ALL EXCEPT LOCAL
>
> > 444/tcp open snpp
> > 515/tcp open printer
> > 888/tcp open accessbuilder
> > 901/tcp open samba-swat
> > 4557/tcp open fax
> > 4559/tcp open hylafax
> > 6000/tcp open X11
>
> All of the above I'd probably close down as well. I really don't know why
> you would those services to be running!!!!
>
> > 12345/tcp open NetBus
> > 12346/tcp open NetBus
> > 31337/tcp open Elite
>
> Nice. As reported earlier on this list. Unplug your machine from the net.
> Very possible you were hacked!!!!

Now I need more than aspirin

>
> Check what is running behind 12345 with lsof and netstatš!!!

nothing

I did fuser -n 12345
fuser -n 12346

netstat -aenp

There is nothing running for these or am I running these command wrong


>
> Thanks
>
> Raffy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

--
Togan Muftuoglu


< Previous Next >