Date: Tue, 24 Aug 2004 14:13:23 +0200 From: Toni Schmidbauer <toni@stderror.at> To: questions@freebsd.org Subject: Re: portscan looks like.... Message-ID: <20040824121323.GA626@stderror.at> In-Reply-To: <5.2.1.1.0.20040824000315.01a74178@mail.dc2.adelphia.net> References: <5.2.1.1.0.20040824000315.01a74178@mail.dc2.adelphia.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 24, 2004 at 12:12:10AM -0400, Bob Ababurko wrote: > PORT STATE SERVICE > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 111/tcp open rpcbind > 1023/tcp open netvenuechat with sockstat(1) its possible to list which daemon is listing on which port. the column PID shows the corresponding process id. a simple kill <pid> should be enough to stop that daemon.=20 but indeed 1023 looks interesting. if you really don't know which kind of daemon is listing on that port, i would try telneting to it. hopefully it's not some kind of root backdoor :-) hth, toni --=20 Wer es einmal so weit gebracht hat, dass er nicht | toni at stderror dot at mehr irrt, der hat auch zu arbeiten aufgehoert | Toni Schmidbauer -- Max Planck | --jRHKVT23PllUwdXP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBKzDju/mjSj7RMocRAlyKAJ0RFXD7xeH1zsLwE/L/HEIcHtDZ4ACfVg3W HutXpWAGoWJsomdpnKc2iZM= =SY9K -----END PGP SIGNATURE----- --jRHKVT23PllUwdXP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040824121323.GA626>