From owner-freebsd-security  Wed Dec 12 22:59:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sanyu1.sanyutel.com (sanyu1.sanyutel.com [216.250.215.14])
	by hub.freebsd.org (Postfix) with ESMTP id 9953437B43A
	for <freebsd-security@FreeBSD.ORG>; Wed, 12 Dec 2001 22:58:57 -0800 (PST)
Received: from localhost (ksemat@localhost)
	by sanyu1.sanyutel.com (8.11.3/) with ESMTP id fBD71Mp09128;
	Thu, 13 Dec 2001 10:01:22 +0300
Date: Thu, 13 Dec 2001 10:01:22 +0300 (EAT)
From: <ksemat@sanyutel.com>
To: "Mr. Chan" <bacid@ottawa.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Question about port 50000
In-Reply-To: <5.0.2.1.0.20011212185722.00aaa098@90.0.0.3>
Message-ID: <Pine.LNX.4.33.0112130958500.8774-100000@sanyu1.sanyutel.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


> tcp4       0      0  *.50000                *.*                    LISTEN
>
> Now this is a brand new installation, so i doubt i got hacked/root kitted..

well it cannot put itself therefore someone put it there. There are lots
of automated exploits for ssh and telnet out there in the wild that could
infect your system quickly.

I do not have anything like that on my brand new FreeBSD 4.4-STABLE
machine therefore I do not think it is a default freebsd application
running on that port.

Noah.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message