Date: Thu, 6 Jan 2000 14:29:48 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: wjm@gate.net (William Melanson) Cc: freebsd-questions@FreeBSD.ORG Subject: Re: netstat -a | grep LISTEN (question) Message-ID: <200001061929.OAA20342@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.A41.4.03.10001061246340.29682-100000@inca.gate.net> from William Melanson at "Jan 6, 2000 01:14:25 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
William Melanson wrote, > > Hello all, > > tcp 0 0 *.http *.* LISTEN > tcp 0 0 *.6000 *.* LISTEN > tcp 0 0 *.1024 *.* LISTEN > tcp 0 0 *.smtp *.* LISTEN > tcp 0 0 *.pop3 *.* LISTEN > tcp 0 0 *.telnet *.* LISTEN > tcp 0 0 *.ftp *.* LISTEN > > > The only listening ports I'm curious about are 6000 which points to the X > Window System and 1024 which says (within /etc/services) it's a registered > port. Do these 2 listening ports possibly represent a venue for an > intruder to compromise? Does anyone have a bit more info in regards to > these 2 open ports in question? Do, % netstat -A | grep LISTEN And note the address of the sockets of interets. Then, % fstat | grep <sock_addr> To find the process that has it open. Actually, sockstat(1) probably can do all of this really easily, but I have not quite got the hang of it yet; it's fairly new. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001061929.OAA20342>