From: Toni Schmidbauer
To: questions@freebsd.org
Date: Tue, 24 Aug 2004 14:13:23 +0200
Subject: Re: portscan looks like....

On Tue, Aug 24, 2004 at 12:12:10AM -0400, Bob Ababurko wrote:
> PORT     STATE SERVICE
> 22/tcp   open  ssh
> 25/tcp   open  smtp
> 80/tcp   open  http
> 111/tcp  open  rpcbind
> 1023/tcp open  netvenuechat

with sockstat(1) it's possible to list which daemon is listening on which
port. the column PID shows the corresponding process id. a simple kill
should be enough to stop that daemon.

but indeed 1023 looks interesting. if you really don't know which kind
of daemon is listening on that port, i would try telnetting to it.
hopefully it's not some kind of root backdoor :-)

hth,
toni
--
Whoever has come so far that he no longer errs | toni at stderror dot at
has also stopped working                       | Toni Schmidbauer
-- Max Planck                                  |
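
Added example, not part of the original message: a small sh/awk helper that maps each port from the quoted scan to the user, command and PID owning the listening socket, using the column layout of FreeBSD `sockstat -4 -l`. The sample output, the daemon name `exampled` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4 -l` output (illustrative values only,
# not taken from the host discussed in the thread).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       412   3  tcp4   *:22                  *:*
root     sendmail   398   4  tcp4   127.0.0.1:25          *:*
www      httpd      455   16 tcp4   *:80                  *:*
root     rpcbind    301   9  tcp4   *:111                 *:*
root     rpcbind    301   10 udp4   *:111                 *:*
root     exampled   777   5  tcp4   *:1023                *:*
EOF
}

# port_owners PORT
# Reads sockstat output on stdin and prints "PORT USER COMMAND PID" for every
# TCP listener bound to PORT, or "PORT - - -" when no listener is found.
port_owners() {
    awk -v port="$1" '
        NR == 1 { next }                 # skip the column header
        $5 ~ /^tcp/ {                    # TCP sockets only (tcp4 / tcp6)
            n = split($6, a, ":")        # the port is the last ":" field
            if (a[n] == port) { print port, $1, $2, $3; found = 1 }
        }
        END { if (!found) print port, "-", "-", "-" }
    '
}

# map_scan: look up every port reported open in the quoted scan.
map_scan() {
    for p in 22 25 80 111 1023; do
        sample_sockstat | port_owners "$p"
    done
}

# On a live FreeBSD host, replace the sample with the real tool:
#   sockstat -4 -l | port_owners 1023
map_scan
```

A port that the scan reports open but that comes back as `- - -` has no matching listener in the sockstat output that was read, which is worth investigating before reaching for kill.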