They indicate outbound ftp connections from your system to another. On Tue, 24 Sep 2002, Steve Buehler wrote:
> BTW, those two ports (4156 and 4154) do not show up in the > /etc/services. I had already checked there. Apparantly, those are the > outbound ports. Someone else pointed me to use netstat -anp and that gave > me the process id which I traced down to McAfee's autoupdate program that > is used in conjunction with our MailScanner program. > > Thanks > Steve > > At 09:32 PM 9/24/2002 -0400, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >On Tuesday 24 September 2002 09:00 pm, Steve Buehler wrote: > > > Can anybody point me to a list of ports would be used on a linux based > > > system. I have a weird one showing up on a netstat report: > > > >The file /etc/services is a good place to start. > > > > > /etc# netstat -na | grep 161.69.201.237 > > > tcp 0 0 > > > my_machines_ip_here:4156 161.69.201.237:20 ESTABLISHED > > > tcp 128 0 > > > my_machines_ip_here:4154 161.69.201.237:21 CLOSE > > > >Looks like an ftp session from your machine to 161.69.201.237 > > > > > I am trying to find out what they are because I received an report from > > > another server: > > > "Possible slapper worm infected host on your network. My timezone is > > > GMT 0" > > > > > > I have checked my version of openssl and it is 0.9.6-3. I noticed that > > > the fix for the Linux.Slapper.Worm (according to Redhats site) is to > > > have at least version 0.9.5a-29. So theoretically, I shouldn't have a > > > problem with that worm.....I think. > > > >Have you checked the contents of /tmp? The worm doesn't do much to hide > >it's presence. If infected, you'll probably find the file bugtrac.c in > >that directory. Note, newer versions of the worm have been found, the > >file names have changed but the evidence still exists in /tmp, I believe. > > > >- -- > >- -Michael > > > >pgp key: http://www.tuxfan.homeip.net:8080/gpgkey.txt > >Red Hat Linux 7.{2,3} in 8M of RAM: http://www.rule-project.org/ > >- -- > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.0.6 (GNU/Linux) > >Comment: For info see http://www.gnupg.org > > > >iEYEARECAAYFAj2REh8ACgkQn/07WoAb/StiDACfYh0E85WZXbnKr3RJ2kbDZFT4 > >hsAAn2oez4ZfzNzfev4C2uplaYitQF98 > >=tFpZ > >-----END PGP SIGNATURE----- > > > > > > > >-- > >redhat-list mailing list > >unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > >https://listman.redhat.com/mailman/listinfo/redhat-list > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > >ow3 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > ow3 > > > > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list