Billy Thank you for your help. I am running a redhat 7.2 box with an Ensim control panel (www.ensim.com) and found out that it was set up for a seperate program that interfaces with it. Their forum says that if you don't have the other program, that it was/is fine to shut down the ssh on that port. I have now done that.
Again, Thanks for the help. Steve At 11:14 AM 10/11/2002 -0400, you wrote: >Thats not good .. > >You using IPCHAINS or IPTABLES ? if so, set a rule to log activity . > >I would suggest finding out what kind of activity these people are up to >before knocking them off . Anotherwords get IP addresses , what they are >doing , etc. Then you have information to see what else they may have done. > >If its a cracked box , chances are they have a way of cracking the box again >. > >HTH >Billy > > > ---------- > > From: Steve Buehler[SMTP:[EMAIL PROTECTED]] > > Sent: Friday, October 11, 2002 11:05 AM > > To: Billy Quinn > > Subject: Re: FW: port 19635 > > > > hmmmm. fuser reports it as an sshd port. Looks like somebody has a > > backdoor into the system. Do you know how to block that port? > > > > Thanks > > Steve > > > > At 11:01 AM 10/11/2002 -0400, you wrote: > > >in case your not on the [EMAIL PROTECTED] mailing list :> > > > > > > > > > > ---------- > > > > From: Billy Quinn > > > > Sent: Friday, October 11, 2002 11:00 AM > > > > To: '[EMAIL PROTECTED]' > > > > Subject: RE: port 19635 > > > > > > > > fuser -v -n tcp 19635 > > > > > > > > is the way I usually find out whats using ports. You can also use > > netstat. > > > > > > > > Billy > > > > > > > > ---------- > > > > From: Steve Buehler[SMTP:[EMAIL PROTECTED]] > > > > Reply To: [EMAIL PROTECTED] > > > > Sent: Friday, October 11, 2002 10:53 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: port 19635 > > > > > > > > I am hoping that someone can help me out here. Doing an nmap -p > > > > '10000-65535' servername says that port 19635 is open. > > > > Port State Service > > > > 19635/tcp open unknown > > > > > > > > How can I find out what is using that port? It isn't in > > /etc/services. I > > > > > > > > want to make sure that it isn't a hacker. > > > > > > > > Thanks > > > > Steve > > > > > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > ow3 > > > > > > > > > > > > > > > > -- > > > > redhat-list mailing list > > > > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > > > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > > > > > >-- > > >This message has been scanned for viruses and > > >dangerous content by MailScanner, and is > > >believed to be clean. > > >ow3 > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > ow3 > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >ow3 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ow3 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list