Date: Thu, 4 Apr 2002 11:34:54 -0500
From: "Scott M. Nolde" <scott@smnolde.com>
To: Mike Dewhirst <Dewhirst.M@UCLES.org.uk>
Cc: "'questions@freebsd.org'" <questions@freebsd.org>
Subject: Re: have I been hacked?!
Message-ID: <20020404113454.A21519@smnolde.com>
In-Reply-To: <0B0368CED76DD4118E1200D0B73E9B5D041E9FA5@MAIL1>; from Dewhirst.M@UCLES.org.uk on Thu, Apr 04, 2002 at 05:13:15PM +0100
References: <0B0368CED76DD4118E1200D0B73E9B5D041E9FA5@MAIL1>

Mike Dewhirst(Dewhirst.M@UCLES.org.uk)@2002.04.04 17:13:15 +0000:
> I did a netscan of my box (which I've not done for 2-3 months or so) and
> spotted this:
>
> 1505/tcp open funkproxy
> 4008/tcp open netcheque
>
> I've never heard of either.
>
> Has the system been compromised?
>
> Any help would be extremely appreciated.
>
> Mike
>

Making the wild assumption you haven't been hacked, I'd suggest you try

    sockstat | grep -E "1505|4008"

to see who owns the processes using those sockets. From there you kill the
processes (if shown) and perhaps even firewall those ports from
communicating to the inet.

-- 
Scott Nolde
GPG Key 0xD869AB48
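
An added example, not part of the original message: a filter that matches the two ports only in sockstat's LOCAL ADDRESS column, so a PID such as 15050, a port such as 14008, or a remote peer on port 4008 is not reported. The function names, the sample output and the process names in it are constructed for illustration.

```shell
#!/bin/sh
# port_owners PORT...: read sockstat(1) output on stdin and print
# "user command pid proto local-address" for sockets bound to those ports.
port_owners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "USER" { next }            # skip the header line
        NF >= 6 {
            laddr = $6                   # LOCAL ADDRESS column, e.g. *:1505
            k = split(laddr, part, ":")
            port = part[k]               # text after the last colon
            if (port in want) print $1, $2, $3, $5, laddr
        }'
}

# Constructed sample in sockstat's column layout (not from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       15050 3  tcp4   *:22                  *:*
www      httpd      233   4  tcp4   *:14008               *:*
mike     appd       412   5  tcp4   *:1505                *:*
mike     helperd    431   7  tcp4   127.0.0.1:4008        *:*
mike     appd       412   9  tcp4   10.0.0.5:33012        10.0.0.9:4008
root     syslogd    88    6  udp4   *:514                 *:*
EOF
}

# On a live FreeBSD host: sockstat -4l | port_owners 1505 4008
sample_sockstat | port_owners 1505 4008
```

The PID column in the result is what to hand to ps(1) or fstat(1) before deciding whether to kill the process or firewall the port.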