Mailinglist Archive: opensuse-security (220 mails)

Re: [suse-security] ROOTKIT ?
  • From: dproc <dproc@xxxxxxx>
  • Date: Thu, 6 Nov 2003 20:58:57 -0500
  • Message-id: <20031107015857.GC29552@xxxxxxxxxxxxxxx>
Hi Michael!

On Thu, 06 Nov 2003, Michael Maldener wrote:

> Hello Linux-Friends,
> I scanned my own box (my own dynamic IP) when I was online with:
> netcat -v -z 80.131.118.62 1-65535
> p5083763E.dip.t-dialin.net [80.131.118.62] 33352 (?) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 32769 (filenet-rpc) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 32768 (filenet-tms) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 6000 (?) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 631 (ipp) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 111 (sunrpc) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 22 (ssh) open
>
> And now I am afraid I am not alone on my box!?
>
> What could I do now to close the unwanted ports?

The personal-firewall package in the SuSE distro should block all
of these for you, while you work out which services you don't need.

> x11 6000-6063/tcp X Window System

> Is this port necessary for a local machine, when I don't want X-forwarding?

No - not at all necessary in this case. Google the archives of this
list for "-nolisten tcp" to find out how to turn it off for your
version of SuSE Linux. Then restart X, and run netcat again to
confirm it is off.
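
The confirmation step at the end of this reply (rerun netcat and check that port 6000 is gone), sketched as an added shell example that is not part of the original mail. The function names are hypothetical, the "before" report is the one quoted above, and the "after" report is constructed.

```shell
#!/bin/sh
# Scan report quoted in the mail (netcat -v -z format).
before_scan() {
cat <<'EOF'
p5083763E.dip.t-dialin.net [80.131.118.62] 33352 (?) open
p5083763E.dip.t-dialin.net [80.131.118.62] 32769 (filenet-rpc) open
p5083763E.dip.t-dialin.net [80.131.118.62] 32768 (filenet-tms) open
p5083763E.dip.t-dialin.net [80.131.118.62] 6000 (?) open
p5083763E.dip.t-dialin.net [80.131.118.62] 631 (ipp) open
p5083763E.dip.t-dialin.net [80.131.118.62] 111 (sunrpc) open
p5083763E.dip.t-dialin.net [80.131.118.62] 22 (ssh) open
EOF
}

# Constructed sample: the same scan after X was restarted with "-nolisten tcp".
after_scan() { before_scan | grep -v '] 6000 '; }

# Print the open ports from a netcat report on stdin, sorted, space-separated.
# The port is the field that follows the bracketed address on "open" lines.
open_ports() {
    awk '$NF == "open" {
        for (i = 1; i < NF; i++)
            if ($i ~ /^\[.*\]$/) { print $(i + 1); break }
    }' | sort -n | paste -sd' ' -
}

# Print the ports that are in list $1 but no longer in list $2.
ports_removed() {
    removed=""
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;
            *) removed="$removed $p" ;;
        esac
    done
    echo "${removed# }"
}

# Succeed only if port $1 does not appear in port list $2.
port_closed() {
    case " $2 " in *" $1 "*) return 1 ;; *) return 0 ;; esac
}

before=$(before_scan | open_ports)
after=$(after_scan | open_ports)
echo "closed since last scan: $(ports_removed "$before" "$after")"
if port_closed 6000 "$after"; then echo "6000/tcp no longer reachable"; fi
```

On a live system, netcat writes its `-v` report to stderr, so redirect with `2>&1` before piping it into `open_ports`.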

