Billy
Thank you for your help. I am running a redhat 7.2 box with an
Ensim control panel (www.ensim.com) and found out that it was set up for a
seperate program that interfaces with it. Their forum says that if you
don't have the other program, that it was/is fine to shut down the ssh on
that port. I have now done that.
Again, Thanks for the help.
Steve
At 11:14 AM 10/11/2002 -0400, you wrote:
>Thats not good ..
>
>You using IPCHAINS or IPTABLES ? if so, set a rule to log activity .
>
>I would suggest finding out what kind of activity these people are up to
>before knocking them off . Anotherwords get IP addresses , what they are
>doing , etc. Then you have information to see what else they may have done.
>
>If its a cracked box , chances are they have a way of cracking the box again
>.
>
>HTH
>Billy
>
> > ----------
> > From: Steve Buehler[SMTP:[EMAIL PROTECTED]]
> > Sent: Friday, October 11, 2002 11:05 AM
> > To: Billy Quinn
> > Subject: Re: FW: port 19635
> >
> > hmmmm. fuser reports it as an sshd port. Looks like somebody has a
> > backdoor into the system. Do you know how to block that port?
> >
> > Thanks
> > Steve
> >
> > At 11:01 AM 10/11/2002 -0400, you wrote:
> > >in case your not on the [EMAIL PROTECTED] mailing list :>
> > >
> > >
> > > > ----------
> > > > From: Billy Quinn
> > > > Sent: Friday, October 11, 2002 11:00 AM
> > > > To: '[EMAIL PROTECTED]'
> > > > Subject: RE: port 19635
> > > >
> > > > fuser -v -n tcp 19635
> > > >
> > > > is the way I usually find out whats using ports. You can also use
> > netstat.
> > > >
> > > > Billy
> > > >
> > > > ----------
> > > > From: Steve Buehler[SMTP:[EMAIL PROTECTED]]
> > > > Reply To: [EMAIL PROTECTED]
> > > > Sent: Friday, October 11, 2002 10:53 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: port 19635
> > > >
> > > > I am hoping that someone can help me out here. Doing an nmap -p
> > > > '10000-65535' servername says that port 19635 is open.
> > > > Port State Service
> > > > 19635/tcp open unknown
> > > >
> > > > How can I find out what is using that port? It isn't in
> > /etc/services. I
> > > >
> > > > want to make sure that it isn't a hacker.
> > > >
> > > > Thanks
> > > > Steve
> > > >
> > > >
> > > > --
> > > > This message has been scanned for viruses and
> > > > dangerous content by MailScanner, and is
> > > > believed to be clean.
> > > > ow3
> > > >
> > > >
> > > >
> > > > --
> > > > redhat-list mailing list
> > > > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> > > > https://listman.redhat.com/mailman/listinfo/redhat-list
> > > >
> > > >
> > >
> > >--
> > >This message has been scanned for viruses and
> > >dangerous content by MailScanner, and is
> > >believed to be clean.
> > >ow3
> >
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> > ow3
> >
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>ow3
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
ow3
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
