Mailinglist Archive: opensuse-security (220 mails)

RE: [suse-security] ROOTKIT ?
  • From: "Sturgis, Grant" <Grant.Sturgis@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 6 Nov 2003 16:03:19 -0700
  • Message-id: <17CAB0BF27BCFC47B0E4554A0E2F962B239A40@xxxxxxxxxxxxxxxx>
What does:

netstat -anp|grep LISTEN

say?


Grant

-----Original Message-----
From: Michael Maldener [mailto:MALDENER.de@xxxxxxxxxxx]
Sent: Thursday, November 06, 2003 3:57 PM
To: suse-security@xxxxxxxx
Subject: [suse-security] ROOTKIT ?


Hello Linux-Friends,
I scanned my own box (my own dynamic IP) when I was online with:
netcat -v -z 80.131.118.62 1-65535
p5083763E.dip.t-dialin.net [80.131.118.62] 33352 (?) open
p5083763E.dip.t-dialin.net [80.131.118.62] 32769 (filenet-rpc) open
p5083763E.dip.t-dialin.net [80.131.118.62] 32768 (filenet-tms) open
p5083763E.dip.t-dialin.net [80.131.118.62] 6000 (?) open
p5083763E.dip.t-dialin.net [80.131.118.62] 631 (ipp) open
p5083763E.dip.t-dialin.net [80.131.118.62] 111 (sunrpc) open
p5083763E.dip.t-dialin.net [80.131.118.62] 22 (ssh) open

And now I am afraid I am not alone on my box!?

What could I do now to close the unwanted ports?

I took a fresh new /etc/services from
www.iana.org/assignments on my system.
rose:~ # grep '6000' /etc/services
....
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
...
rose:~ #
But why is port 6000 not shown by netcat? Only a ?
Although it is in my /etc/services!
Is this port necessary for a local machine when I don't want X-forwarding?

For ipp, I have to look at how to deactivate this in cups?

What can I do to find out what is behind
33352 (?) open
32769 (filenet-rpc) open
32768 (filenet-tms) open

____________________________________
The same thing when I was offline yesterday:

46837 (?) open
32769 (filenet-rpc) open
32768 (filenet-tms) open
6000 (x11) open
631 (ipp) open
111 (sunrpc) open
80 (http) open
22 (ssh) open

Best Regards and thank you in advance from Mick ; ~ {o} under shock
Now I do logout and go to sleep.
--
# Kind regards, Michael Maldener + The best Linux is the plurality of all Linuxica ;)



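Added example, not part of either message: one way to use the `netstat -anp|grep LISTEN` output asked for above is to line it up against the ports the netcat scan reported, so each open port is either tied to a PID/program or flagged. The netstat lines, PIDs and program names below are constructed for illustration (33352 is left out on purpose to exercise the "unlisted" branch); only the scanned port list comes from the message.

```python
import re

# Constructed sample of `netstat -anp | grep LISTEN` output (NOT from the thread;
# PIDs and program names are illustrative assumptions).
NETSTAT_SAMPLE = """\
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN      612/rpc.statd
tcp        0      0 0.0.0.0:32769           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      540/portmap
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      901/X
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      733/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      801/master
tcp        0      0 :::22                   :::*                    LISTEN      655/sshd
"""
# Ports the netcat scan in the message reported open while online.
SCANNED = [33352, 32769, 32768, 6000, 631, 111, 22]

LINE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\S+)")

def parse_listeners(text):
    """Map port -> list of (bind address, owner) from netstat -anp LISTEN lines."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            _, addr, port, owner = m.groups()
            table.setdefault(int(port), []).append((addr, owner))
    return table

def classify(scanned, table):
    """Return {port: verdict} comparing the scan result with netstat's view."""
    report = {}
    for port in scanned:
        entries = table.get(port)
        if not entries:
            report[port] = "UNLISTED: open in scan, absent from netstat"
        elif all(owner == "-" for _, owner in entries):
            report[port] = "NO-OWNER: netstat shows no PID (kernel socket or not run as root)"
        else:
            report[port] = "owned by " + ", ".join(sorted({o for _, o in entries}))
    return report

def local_only(scanned, table):
    """Listeners netstat reports that the scan did not see (e.g. loopback-bound)."""
    return sorted(p for p in table if p not in scanned)

if __name__ == "__main__":
    for port, verdict in classify(SCANNED, parse_listeners(NETSTAT_SAMPLE)).items():
        print(f"{port:>6}  {verdict}")
    print("not seen by scan:", local_only(SCANNED, parse_listeners(NETSTAT_SAMPLE)))
```

A port that the scan sees but netstat does not list is the result to investigate first, since the two views of the same machine disagree; a "-" owner usually just means netstat was not run as root or the socket belongs to the kernel.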

