Date: Mon, 18 Feb 2019 01:36:35 -0800 From: Doug Hardie <bc979@lafn.org> To: BBlister <bblister@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Cannot identify process of listening port 600/tcp6 Message-ID: <5B3B92BC-BD58-4FA3-B6BD-16BA74A8D944@mail.sermon-archive.info> In-Reply-To: <1550472991548-0.post@n6.nabble.com> References: <1550339000372-0.post@n6.nabble.com> <20190216185344.95cb4ec3.freebsd@edvax.de> <1550341736004-0.post@n6.nabble.com> <ED59A34B-1AAA-46F1-81E1-4127ABD5C875@bsdops.com> <1550345837921-0.post@n6.nabble.com> <1550472991548-0.post@n6.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 17 February 2019, at 22:56, BBlister <bblister@gmail.com> wrote: > > From FreeBSD Forums > https://forums.freebsd.org/threads/listening-port-600-tcp6-cannot-be-mapped-to-process-am-i-hacked.69624/#post-417787 > >> You could make the firewall log activity on that port. >> Also, you can use tcpdump to analyze the content of the datagrams. >> If I recall correctly, nmap has a service discovery mode and it can try to >> detect what exactly is listening on > the port. >> > > My reply: > I have executed tcpdump for 24 hours but I couln't receive/send any packet > destined for that port. This is a passive way of detecting what is > happening, and involves reverse engineering, because the datagram may be > encrypted. > > It is difficult to wait for a packet to arrive or depart on port 600 (maybe > it is trojan waiting to be activated?). > > I find it strange that FreeBSD does not have a tool to detect kernel > listening sockets and the only way to detect what is happening it just by > sniffing and trying to figure out the datagrams. > > > What should I try next? Possibly https://www.linuxquestions.org/questions/linux-security-4/nessus-security-notes-about-ipcserver-port-600-a-339908/ might provide some helpful information.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5B3B92BC-BD58-4FA3-B6BD-16BA74A8D944>