Dominic Mitchell <[EMAIL PROTECTED]> writes:

> Dave Hodgkinson <[EMAIL PROTECTED]> writes:
>
> > out of date DNS and wu.ftpd are also a given. Worth portscanning any
> > servers you own for weird open ports...
>
> Rather than portscanning yourself (and tripping off your own alarms
> :-) it's much easier to just do "netstat -an | grep -w LISTEN" and
> see what is listening. You can trace back to the original process
> using lsof(8)[1].

Or even just double check your system configuration files (inetd.conf, rc.local or whatever) manually. There is a tendency for people to "shut down services" in a non-persistent way (so nmap/lsof will report them as absent) and then forget to ensure they aren't restarted on reboot. They then get hacked three months down the line when a power outage causes a reboot and a restart of that dodgy RPC service.

-- 
Steve Mynott <[EMAIL PROTECTED]>
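
Added example, not part of the original messages: one way to spot the gap described above, by listing TCP services that are still enabled in inetd.conf but are not listening right now, so they would come back on the next reboot. The function name `dormant_services`, the sample files and the assumption that `netstat -an` puts the local address in the fourth column (Linux/BSD layout) are all choices made for this example; `udp` and `rpc/` entries are not checked.

```shell
#!/bin/sh
# dormant_services INETD_CONF SERVICES_FILE NETSTAT_OUTPUT_FILE
# Prints "name port" for each enabled TCP entry whose port is not in LISTEN.
dormant_services() {
    awk '
        # Pass 1 (services file): map "name/proto" to a port number.
        FILENAME == ARGV[1] {
            sub(/#.*/, "")
            if (NF >= 2) { split($2, pp, "/"); port[$1 "/" pp[2]] = pp[1] }
            next
        }
        # Pass 2 (saved "netstat -an" output): record TCP ports in LISTEN.
        FILENAME == ARGV[2] {
            if ($1 ~ /^tcp/ && $NF == "LISTEN") {
                n = split($4, a, /[.:]/)   # handles 0.0.0.0:21 and *.21
                listening[a[n]] = 1
            }
            next
        }
        # Pass 3 (inetd.conf): every uncommented TCP entry starts at boot.
        /^[ \t]*#/ || NF < 6 { next }
        $3 ~ /^tcp/ {
            p = ($1 ~ /^[0-9]+$/) ? $1 : port[$1 "/tcp"]
            if (p == "") print $1 " unknown-port"
            else if (!(p in listening)) print $1 " " p
        }
    ' "$2" "$3" "$1"
}

# Constructed sample inputs (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/services" <<'EOF'
ftp      21/tcp
telnet   23/tcp
finger   79/tcp    # comment text is ignored
EOF
    cat > "$d/netstat" <<'EOF'
tcp        0      0 0.0.0.0:21     0.0.0.0:*      LISTEN
tcp        0      0 0.0.0.0:22     0.0.0.0:*      LISTEN
EOF
    cat > "$d/inetd.conf" <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
#telnet stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
    dormant_services "$d/inetd.conf" "$d/services" "$d/netstat"
    rm -rf "$d"
}
demo
```

On a live host the third argument would be a file holding the saved output of `netstat -an`, and the second would be `/etc/services`.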