From: Volker Kindermann
To: Bob Ababurko
cc: questions@freebsd.org
Date: Tue, 24 Aug 2004 08:37:30 +0200
Subject: Re: portscan looks like....
Message-Id: <20040824083730.0cbf11b6@ariel.office.volker.de>
In-Reply-To: <5.2.1.1.0.20040824000315.01a74178@mail.dc2.adelphia.net>

Hi Bob,

> PORT     STATE SERVICE
> 22/tcp   open  ssh
> 25/tcp   open  smtp
> 80/tcp   open  http
> 111/tcp  open  rpcbind
> 1023/tcp open  netvenuechat
>
> Now, I made a faux pas when I configured this machine and had made
> this an nfs client...I believe that was the case. I am now interested
> in turning this off, and will be able to do that with
> rpcbind_enable="NO" in rc.conf.

perfectly.

> Then there is the case of the port 1023. I have no idea how to turn
> this off or how it got turned on. Could the rpcbind have allowed someone
> into my computer to hack it up?
> I am pretty scared at this point.

First try to disable rpcbind and look afterwards if port 1023 is still
open. If it is, install lsof from ports. This tool will tell you which
application is listening on this port.

-volker
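
The check described in the reply above, as an added example that is not part of the original message: it maps a listening TCP port to its owning process and lists listeners outside an expected set. It assumes `sockstat -4l` from the FreeBSD base system in place of lsof; the function names are hypothetical, and the sample output is constructed (process names, PIDs and the placeholder owner `exampled` of port 1023 are made up).

```shell
#!/bin/sh
# Added example, not from the original thread.
# Constructed sample of `sockstat -4l` output; names, PIDs and the owner of
# port 1023 ("exampled") are placeholders, not findings about any real host.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       412   3  tcp4   *:22                  *:*
root     sendmail   450   4  tcp4   *:25                  *:*
www      httpd      501   16 tcp4   *:80                  *:*
root     rpcbind    380   9  tcp4   *:111                 *:*
root     rpcbind    380   7  udp4   *:111                 *:*
root     exampled   395   5  tcp4   *:1023                *:*'

# port_owner PORT: read sockstat output on stdin and print "command pid user"
# for every TCP listener on PORT, one line per distinct process.
port_owner() {
    awk -v port="$1" '
        NR > 1 && $5 ~ /^tcp/ {
            n = split($6, a, ":")          # local address is addr:port
            if (a[n] == port) {
                key = $2 " " $3 " " $1
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# unexpected_ports "22 25 80": read sockstat output on stdin and print every
# TCP listening port that is not in the space-separated list of expected ports.
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        NR > 1 && $5 ~ /^tcp/ {
            n = split($6, a, ":")
            if (!(a[n] in ok) && !(a[n] in seen)) { seen[a[n]] = 1; print a[n] }
        }'
}

# On the host itself: sockstat -4l | port_owner 1023
printf '%s\n' "$SAMPLE" | port_owner 1023
printf '%s\n' "$SAMPLE" | unexpected_ports "22 25 80"
```

Running the second function again after setting rpcbind_enable="NO" and rebooting shows whether 111 and 1023 are still listening.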