try this as root: lsof | grep -i listen then yell have the names of the processes opening certain ports....
On Thu, 2003-03-13 at 09:40, Pius Lee wrote: > Hi, I recently used nmap to portscan my machine from another pc and > found that i've got the following ports open: > > 22 (ssh) > 25 (smtp) > 113 (pop-3) > > Now, I'm very sure that I only started the sshd daemon and I DON'T even > have an smtp/pop3/any kind of mail server installed. Running "netstat -l > -p --inet" gives: > > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address State > PID/Program name > tcp 0 0 *:sunrpc *:* LISTEN > 5168/portmap > tcp 0 0 localhost:731 *:* LISTEN > 5219/fam > udp 0 0 *:sunrpc *:* > 5168/portmap > tcp 0 0 *:ssh *:* LISTEN > 6564/sshd > > > I don't see port 25 or 113 open, but why does nmap list them as so? > Blocking the ports with iptables would probably solve the problem, but > to get to the root of it, would tracking the daemons responsible for > opening them be a better solution? How should I go about doing it then? > > Thanks for all comments and feedback! > > > -- > [EMAIL PROTECTED] mailing list -- Nicholas Hockey (Tilt) <[EMAIL PROTECTED]> Unix Administrator Encrypted E-Mail is preferred.. -------------------------------------------------------------------- GnuPG KeyID 4EDE2B84 Key fingerprint = B916 6032 BE3D 490D 2A08 F1BC 948A A4C1 4EDE 2B84 HKP: gpg --keyserver pgp.mit.edu --recv-keys 4EDE2B84 LDAP: gpg --keyserver ldap://keyserver.pgp.com --recv-keys 4EDE2B84 -------------------------------------------------------------------- -- [EMAIL PROTECTED] mailing list
