Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
ROOTKIT ?
  • From: MALDENER.de@xxxxxxxxxxx (Michael Maldener)
  • Date: Thu, 6 Nov 2003 23:56:35 +0100
  • Message-id: <200311062356.35389.MALDENER.de@xxxxxxxxxxx>
Hallo Linux-Friends,
I scanned my own box (my own dynamic IP) when I was online with:
netcat -v -z 80.131.118.62 1-65535
p5083763E.dip.t-dialin.net [80.131.118.62] 33352 (?) open
p5083763E.dip.t-dialin.net [80.131.118.62] 32769 (filenet-rpc) open
p5083763E.dip.t-dialin.net [80.131.118.62] 32768 (filenet-tms) open
p5083763E.dip.t-dialin.net [80.131.118.62] 6000 (?) open
p5083763E.dip.t-dialin.net [80.131.118.62] 631 (ipp) open
p5083763E.dip.t-dialin.net [80.131.118.62] 111 (sunrpc) open
p5083763E.dip.t-dialin.net [80.131.118.62] 22 (ssh) open

And now I am afraid not be alone on my box !?

What could I do now to close the unwanted ports?

I took a fresh new /etc/services from
www.iana.org/assignments on my system.
rose:~ # grep '6000' /etc/services
....
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
...
rose:~ #
But why the port 6000 is not shown by netcat? only a ?
Although it is in my /etc/services!
Is this port necessary for a local machine, when I dont want X-forwarding?

for ipp I have to look how? to deactivate this in cups?

What can i do, to find out what is behind
33352 (?) open
32769 (filenet-rpc) open
32768 (filenet-tms) open

____________________________________
The same thing when I was yesterday offline:

46837 (?) open
32769 (filenet-rpc) open
32768 (filenet-tms) open
6000 (x11) open
631 (ipp) open
111 (sunrpc) open
80 (http) open
22 (ssh) open

Best Regards and thank you in advance from Mick ; ~ {o} under shock
Now I do logout and go to sleep.
--
# MfG Michael Maldener + Das beste Linux ist die Pluralitaet aller Linuxica ;)

< Previous Next >
This Thread
Follow Ups