Re: [suse-security] ROOTKIT ?

From: dproc (dprocdol.net)
Date: Thu Nov 06 2003 - 19:58:57 CST


Hi Michael!

On Thu, 06 Nov 2003, Michael Maldener wrote:

> Hello Linux-Friends,
> I scanned my own box (my own dynamic IP) when I was online with:
> netcat -v -z 80.131.118.62 1-65535
> p5083763E.dip.t-dialin.net [80.131.118.62] 33352 (?) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 32769 (filenet-rpc) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 32768 (filenet-tms) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 6000 (?) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 631 (ipp) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 111 (sunrpc) open
> p5083763E.dip.t-dialin.net [80.131.118.62] 22 (ssh) open
>
> And now I am afraid I am not alone on my box!?
>
> What could I do now to close the unwanted ports?

The personal-firewall package in the SuSE distro should block all
of these for you, while you work out which services you don't need.

> x11 6000-6063/tcp X Window System

> Is this port necessary for a local machine, when I don't want X-forwarding?

No - not at all necessary in this case. Google the archives of this
list for "-nolisten tcp" to find out how to turn it off for your
version of SuSE Linux. Then restart X, and run netcat again to
confirm it is off.

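
Added example (not part of the original thread): a local counterpart to re-running netcat, listing which TCP listeners are bound to non-loopback addresses and whether anything still listens in the X11 range 6000-6063 after restarting X with "-nolisten tcp". It assumes a little-endian Linux host; the sample table and the function names are constructed for illustration.

```python
import socket
import struct

TCP_LISTEN = 0x0A              # kernel state code for a listening socket
X11_PORTS = range(6000, 6064)  # "x11 6000-6063/tcp" from the quoted services entry

# Constructed sample in /proc/net/tcp layout (not taken from the poster's machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0A0200C0:0016 140200C0:C000 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""

def parse_listeners(text):
    """Return (address, port) pairs for sockets in LISTEN state, sorted by port."""
    found = []
    for line in text.splitlines()[1:]:          # first row is the column header
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue                            # skip short rows and non-listening sockets
        addr_hex, port_hex = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order (little-endian assumed).
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((addr, int(port_hex, 16)))
    return sorted(found, key=lambda pair: pair[1])

def exposed(listeners):
    """Listeners other hosts can reach: everything not bound to 127.0.0.0/8."""
    return [(a, p) for a, p in listeners if not a.startswith("127.")]

def x11_tcp_open(listeners):
    """True if any listener sits in the X11 display port range."""
    return any(p in X11_PORTS for _, p in listeners)

if __name__ == "__main__":
    try:  # IPv4 only; IPv6 listeners are in /proc/net/tcp6
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE
    listeners = parse_listeners(table)
    for addr, port in exposed(listeners):
        print(f"reachable from the network: {addr}:{port}")
    print("X11 TCP listener present:", x11_tcp_open(listeners))
```

A listener bound to 0.0.0.0 is reachable on every interface unless a packet filter blocks it, so the external scan is still the check that confirms the firewall side.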