Date: Sat, 4 Sep 1999 21:00:07 +0100 From: Dominic Mitchell <Dom.Mitchell@palmerharvey.co.uk> To: Alexey Zelkin <phantom@cris.net> Cc: "N. N.M" <madrapour@hotmail.com>, freebsd-security@FreeBSD.ORG Subject: Re: Tracing open ports on FreeBSD Message-ID: <19990904210006.A73676@voodoo.pandhm.co.uk> In-Reply-To: <19990904150006.A2526@scorpion.crimea.ua>; from Alexey Zelkin on Sat, Sep 04, 1999 at 03:00:06PM %2B0400 References: <19990904112855.43007.qmail@hotmail.com> <19990904150006.A2526@scorpion.crimea.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 04, 1999 at 03:00:06PM +0400, Alexey Zelkin wrote: > On Sat, Sep 04, 1999 at 04:28:53AM -0700, N. N.M wrote: > > > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly > > listening on my FreeBSD box. I don't know how this has happened, as they > > were not open before. They are related to X11 as far as I know. But I had > > already disabled XDM in /etc/ttys file. Could anybody tell me how I can > > disable this stuff? Or how they could get opened and listening? Most likely an ssh connection... ssh has numbered X servers. > > 2) This is some time that two UDP ports have got opened as well. Again, I > > don't have any idea on how they have got enabled. The ports are 1352 and > > 2699. Generally, how I can trace when a port gets suddenly enabled? > > I can propose idea how to understand which process used this port. > > for example -- how to find process which opened port 80 (aka http) If you're running a fairly recent FreeBSD (it was in 3.2), the sockstat utility will do this for you. -- Dom Mitchell -- Palmer & Harvey McLane -- Unix Systems Administrator "Ordinary folks who don't understand computers don't deserve to be mocked. Ordinary people who want to use their computers but refuse to learn anything about them do." -- slashdot comment ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990904210006.A73676>