|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: locate ports
From: Scott Webster (SWebster
STEWART.COM)Date: Tue Aug 08 2000 - 15:28:35 CDT
- Next message: Matt Wyczalkowski: "Re: ssh chroot, restricted shell"
- Previous message: John Madden: "Re: locate ports"
- Maybe in reply to: Omar Armas Aleman: "locate ports"
- Next in thread: Doug Davis: "Re: locate ports"
- Next in thread: Sam Hunter: "Re: locate ports"
- Maybe reply: Scott Webster: "Re: locate ports"
- Reply: Doug Davis: "Re: locate ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Port 4000 could be a trojan - AKA Skydance
Port 6000 could be a trojan - AKA The Thing
-----Original Message-----
From: Omar Armas Aleman [mailto:oarmasMPS.COM.MX]
Sent: Tuesday, August 08, 2000 10:48 AM
To: FOCUS-LINUXSECURITYFOCUS.COM
Subject: locate ports
I installed PortSentry in a Linux box (RH 6.2), but when I restart sentry
it appears in my logs:
Aug 8 10:43:42 linux portsentry[10322]: adminalert: Going into listen
mode on TCP port: 4000
Aug 8 10:43:42 linux portsentry[10322]: adminalert: ERROR: could not bind
TCP socket: 4000. Attempting to continue
Aug 8 10:43:43 linux portsentry[10322]: adminalert: Going into listen
mode on TCP port: 6000
Aug 8 10:43:43 linux portsentry[10322]: adminalert: ERROR: could not bind
TCP socket: 6000. Attempting to continue
Why are these ports opened? How can I stop it?
I've been looking for this ports in /etc/inetd.conf and /etc/services.
--Omar
- Next message: Matt Wyczalkowski: "Re: ssh chroot, restricted shell"
- Previous message: John Madden: "Re: locate ports"
- Maybe in reply to: Omar Armas Aleman: "locate ports"
- Next in thread: Doug Davis: "Re: locate ports"
- Next in thread: Sam Hunter: "Re: locate ports"
- Maybe reply: Scott Webster: "Re: locate ports"
- Reply: Doug Davis: "Re: locate ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]