From owner-freebsd-security Wed Nov 21 21:20:57 2001 Delivered-To: freebsd-security@freebsd.org Received: from oksala.org (modemcable005.86-201-24.timi.mc.videotron.ca [24.201.86.5]) by hub.freebsd.org (Postfix) with ESMTP id 082FE37B417 for ; Wed, 21 Nov 2001 21:20:47 -0800 (PST) Received: from videotron.ca (silence [24.201.86.5]) by oksala.org (8.11.6/8.11.1) with ESMTP id fAM5JF571917 for ; Thu, 22 Nov 2001 00:19:16 -0500 (EST) (envelope-from oksala@videotron.ca) Message-ID: <3BFC8AD3.8DC9E56D@videotron.ca> Date: Thu, 22 Nov 2001 00:19:15 -0500 From: Pierre-Luc =?iso-8859-1?Q?Lesp=E9rance?= X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.4-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 Cc: security@freebsd.org Subject: Re: Unknown transient service 1528/tcp References: <020801c1730b$8cd21fe0$41414fcb@lawn> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Geoff Lawn wrote: > > Hi there, > > I regularly do an nmap on our server with the following results... > > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 25/tcp open smtp > 110/tcp open pop-3 > 443/tcp open https > > Recently I noticed the following service appear... > 1528/tcp open mciautoreg > The best way to figure out what's listening on your computer may be netstat and sockstat. Because nmap by default *does not test All ports. for example netstat -an | grep LISTEN sockstat is very usefull too. take a look . To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message