Date: Mon, 18 Dec 2000 17:40:30 -0600
From: Jeffrey Taylor
Message-ID: <20001218174030.A21913@elendil.bearhouse.lan>
Subject: Re: [SLE] port 27374??
This is the port for the SubSeven trojan. It is the most common
connect I see. The firewall accepts it, but there is probably nothing
listening on this port. Run "netstat -Ainet -an | grep LISTEN" to
find out what ports are open to a server. Apache has nothing to do
with this. You should see port 80 open for Apache. The simple way to
have the SuSEfirewall block it is to set:
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
You may need to add other services besides these (Quake3 uses 27960
and up).
HTH
Quoting jonathan :
I have tried to find what this port is, can anybody tell me. And then
how do I block it? I am using the SuSEfirewall and it show an ACCEPT
and I would like to see a DENY if it is something I don't need. I am
running Apache on this machine so that might be the cause. TIA
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq