Date: Mon, 23 Aug 2004 23:37:53 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Bob Ababurko <ababurko@adelphia.net> Cc: freebsd-net@freebsd.org Subject: Re: portscan looks like..... Message-ID: <20040823233645.D1165@odysseus.silby.com> In-Reply-To: <5.2.1.1.0.20040824002044.00aded88@mail.dc2.adelphia.net> References: <5.2.1.1.0.20040824002044.00aded88@mail.dc2.adelphia.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 24 Aug 2004, Bob Ababurko wrote: > Hello- > > I have just done a portscan on my FreeBSD box running 5.2.1 and got : > > PORT STATE SERVICE > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 111/tcp open rpcbind > 1023/tcp open netvenuechat > > now, i made a faux pas when i configured this machine and had made this a nfs > client...i belive that was the case. I am now interested in turning this > off, and will be able to do that with rpcbind_enable="NO" in rc.conf. > Then there is the case of the port 1023. I have no idea how to turn this > off or how it got turned on. Could the rpcbind allowed someone into my > computer to hack it up? I am pretty scared at this point. Can somone help > me? > > thanks, > Bob Use sockstat to see which program is attached to which socket. IIRC, RPC services are assigned semi-random ports, so 1023 might be what one of the NFS services was assigned that time. Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040823233645.D1165>