Yeah, try lsof -i and find out which processes are responsible for spawnage of these 
ports, and close them. In case these ports do not show up in lsof, then prolly you 
have a trojanned lsof (rarely), and you need to pack yourself up for a forensics 
analysis.

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
voice: 92-21-4980523 92-21-4974781 

"Great is the Art of beginning, but Greater is the Art of ending. "


--- [EMAIL PROTECTED] wrote:
>Dear all
>
>I used netstat -an and got the following unknown ports.
>What is their meaning, and can I close them?
>
>Thank you
>
>Active UNIX domain sockets (servers and established)
>Proto RefCnt Flags       Type       State         I-Node Path
>unix  2      [ ACC ]     STREAM     LISTENING     1273   /tmp/cd_sockV4
>unix  2      [ ACC ]     STREAM     LISTENING     1314   /tmp/td_sockV4
>unix  2      [ ACC ]     STREAM     LISTENING     1255   /dev/gpmctl
>unix  3      [ ]         DGRAM                    2483   /dev/log
>unix  2      [ ACC ]     STREAM     LISTENING     1357   /tmp/.font-unix/fs7100
>unix  2      [ ]         DGRAM                    2493
>unix  2      [ ]         DGRAM                    1368
>unix  2      [ ]         DGRAM                    1293
>unix  2      [ ]         DGRAM                    1222
>unix  2      [ ]         DGRAM                    1148
>unix  2      [ ]         STREAM     CONNECTED     605
>
>Proto Recv-Q Send-Q Local Address           Foreign Address         State
>tcp        0      0 0.0.0.0:22321           0.0.0.0:*               LISTEN
>tcp        0      0 0.0.0.0:22289           0.0.0.0:*               LISTEN
>tcp        0      0 192.168.0.111:33307       203.255.112.96:37     TIME_WAIT
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
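
The cross-check suggested in the reply, as an added example that is not part of the original thread: it reads the kernel's own socket table (/proc/net/tcp) and the per-process fd links instead of trusting the lsof binary, and reports listening ports that lsof failed to show. The sample data, inode numbers and the process name `exampled` are constructed; a kernel-level rootkit can hide entries from /proc as well, so a clean result here is not proof of a clean host.

```python
import os
import re
# Constructed /proc/net/tcp sample: the two listeners and the TIME_WAIT
# connection from the netstat output quoted above (inode numbers invented).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:5731 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1401 1
   1: 00000000:5711 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1402 1
   2: 6F00A8C0:821B 6070FFCB:0025 06 00000000:00000000 00:00000000 00000000     0        0 0 1
"""
# Constructed lsof output in which one of the listeners is missing.
SAMPLE_LSOF = """\
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
exampled 812 root    4u  IPv4   1401      0t0  TCP *:22321 (LISTEN)
"""
TCP_LISTEN = "0A"  # kernel state code for LISTEN in /proc/net/tcp

def kernel_listeners(proc_net_tcp):
    """Return {socket inode: port} for every LISTEN row."""
    out = {}
    for line in proc_net_tcp.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and f[3] == TCP_LISTEN:
            out[int(f[9])] = int(f[1].rsplit(":", 1)[1], 16)
    return out

def lsof_listen_ports(lsof_text):
    """Ports that lsof reports as listening (NAME column)."""
    return {int(p) for p in re.findall(r":(\d+) \(LISTEN\)", lsof_text)}

def hidden_from_lsof(proc_net_tcp, lsof_text):
    """Ports the kernel lists as LISTEN that lsof did not show."""
    ports = set(kernel_listeners(proc_net_tcp).values())
    return sorted(ports - lsof_listen_ports(lsof_text))

def owners_by_inode(proc="/proc"):
    """Map socket inode -> set of PIDs via /proc/<pid>/fd (root sees all)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners.setdefault(int(m.group(1)), set()).add(int(pid))
        except OSError:
            continue  # process exited or permission denied
    return owners

if __name__ == "__main__":
    print(hidden_from_lsof(SAMPLE_PROC_NET_TCP, SAMPLE_LSOF))
```

On a live Linux host, pass the contents of /proc/net/tcp and the output of `lsof -nP -iTCP -sTCP:LISTEN`, then look up the remaining inodes in `owners_by_inode()` to name the owning PIDs.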
