|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] how to tell which process binds to which port?
|
On 14/07/02 13:53 -0400, Fred K Ollinger wrote:
> I have a strange process binding to port 868 (unknown). I wonder how to
> find out what process is bound there so I can destroy it.
>
> I am finding that this unknown process binds to a port in the mid-800's
> each time I reboot. I keep blocking each port w/ ipchains, but this is not
> solving the underlying problem.
First note if it is listening for tcp or udp. You can use nmap for that.
Then try (as root):
# fuser 868/tcp (or 868/udp whichever it is)
That will respond with pid of daemon binding to that port. Then start you
investigation into wether you have been hacked or not.
Jon
>
> Am I hacked?
>
> Fred Ollinger (follinge@sas.upenn.edu)
> CCN sysadmin
>
>
> ______________________________________________________________________
> Philadelphia Linux Users Group - http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
--
----------------NOTE NEW EMAIL ADDRESS---------------------
Trooper Jon S. NELSON, Linux Certified Admin. (Sair/GNU)
Pennsylvania State Police, Computer Crimes Unit
Office: 610-344-4471
Page: 866-284-1603 (Toll Free)
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|