Date: Tue, 2 Jan 2001 20:00:22 +0100
From: Edwin Groothuis <mavetju@chello.nl>
To: Chris Smith <chris@amgroupadmin.com>
Cc: Freebsd Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: open ports on my gateway...how do i find out what is running

On Tue, Jan 02, 2001 at 10:54:11AM -0800, Chris Smith wrote:
> I ran nmap on my local gateway ( 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu Dec
> 28 09:29:04 PST  i386) and it shows the following ports open.  Port 22-ssh
> is ok, but the rest are a mystery to me.
> 
> How do I find out what processes are occupying these ports?  I want to find
> out whether I have been hacked or if these are something else that I need to
> deactivate.  The only port I expect to find open is 22.

Install lsof from the ports and do a grep for LISTEN in the output:

[~] edwin@p6>/usr/local/sbin/lsof | grep LISTEN
httpd-php   234 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http (LISTEN)
httpd-php   235 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http (LISTEN)
httpd-php 29560 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http (LISTEN)
httpd-php 29561 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http (LISTEN)
rom       43968 edwin    6u  IPv4 0xc80ded80        0t0     TCP *:4000 (LISTEN)
rom       43968 edwin    7u  IPv4 0xc80dd500        0t0     TCP *:4001 (LISTEN)
rom       43968 edwin    8u  IPv4 0xc80e02e0        0t0     TCP *:4002 (LISTEN)

Edwin
-- 
Edwin Groothuis   |           Interested in MUDs? Visit Fatal Dimensions:
mavetju@chello.nl |                     http://fataldimensions.nl.eu.org/
------------------+               telnet://fataldimensions.nl.eu.org:4000
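
Added example, not part of the original message: a shell filter that takes lsof output like the listing above and prints only the listeners whose port is not on an allowlist (here just 22, the one port the question expects to be open). The function name, the sample data and the allowlist are constructed for illustration; the sample uses numeric ports as printed by lsof -nP.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets that are not on an allowlist.
# Input is `lsof -nP -iTCP -sTCP:LISTEN` style output; the function name,
# allowlist and sample data below are constructed for illustration.

# unexpected_listeners PORT... : read lsof output on stdin and print one
# "command pid user port" line per listener whose port is not allowed.
# Ports are compared as strings, so service names work if -P is not used.
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF != "(LISTEN)" { next }            # skip header and non-listening sockets
        {
            k = split($(NF - 1), part, ":")   # NAME is addr:port; IPv6 adds colons
            port = part[k]
            key = $2 SUBSEP port              # same PID on IPv4 and IPv6: report once
            if (!(port in ok) && !(key in seen)) {
                seen[key] = 1
                print $1, $2, $3, port
            }
        }'
}

# Constructed sample input (not taken from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID  USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd      180  root    3u  IPv4 0xc80d1000      0t0  TCP *:22 (LISTEN)
sshd      180  root    4u  IPv6 0xc80d1200      0t0  TCP *:22 (LISTEN)
httpd     234  www    17u  IPv4 0xc80d9b60      0t0  TCP *:80 (LISTEN)
httpd     235  www    17u  IPv4 0xc80d9b60      0t0  TCP *:80 (LISTEN)
rom     43968  edwin   6u  IPv4 0xc80ded80      0t0  TCP *:4000 (LISTEN)
rom     43968  edwin   7u  IPv6 0xc80dd500      0t0  TCP [::1]:4000 (LISTEN)
EOF
}

# Live use (run as root to see sockets owned by other users):
#   lsof -nP -iTCP -sTCP:LISTEN | unexpected_listeners 22
if [ "${1:-}" = "--demo" ]; then
    sample_lsof | unexpected_listeners 22
fi
```

Each line of output names the process to inspect next (for example with ps on the reported PID) before deciding whether to disable it.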

