From owner-freebsd-security Sat Sep 4 10: 2:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from trooper.velocet.ca (trooper.velocet.net [216.126.82.226]) by hub.freebsd.org (Postfix) with ESMTP id D50FD15135 for ; Sat, 4 Sep 1999 10:02:17 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.ca) Received: (from dgilbert@localhost) by trooper.velocet.ca (8.9.3/8.9.3) id NAA45902; Sat, 4 Sep 1999 13:02:11 -0400 (EDT) (envelope-from dgilbert) From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14289.20627.316196.336184@trooper.velocet.ca> Date: Sat, 4 Sep 1999 13:02:11 -0400 (EDT) To: "N. N.M" Cc: freebsd-security@FreeBSD.ORG Subject: Tracing open ports on FreeBSD In-Reply-To: <19990904112855.43007.qmail@hotmail.com> References: <19990904112855.43007.qmail@hotmail.com> X-Mailer: VM 6.71 under 20.4 "Emerald" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> "N" == N N M writes: N> Hi, 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are N> openly listening on my FreeBSD box. I don't know how this has N> happened, as they were not open before. They are related to X11 as N> far as I know. But I had already disabled XDM in /etc/ttys N> file. Could anybody tell me how I can disable this stuff? Or how N> they could get opened and listening? Generally, these are ssh. When you ssh into a machine and have X forwarding on, these ports are open --- one port for each ssh connection. N> 2) This is some time that two UDP ports have got opened as N> well. Again, I don't have any idea on how they have got N> enabled. The ports are 1352 and 2699. Generally, how I can trace N> when a port gets suddenly enabled? try lsof -i:1352 .... Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message