Jesse P Schultz on Sun, 14 Jul 2002 22:10:07 +0200



Re: [PLUG] how to tell which process binds to which port?



Fred K Ollinger wrote:
| I have a strange process binding to port 868 (unknown). I wonder how to
| find out what process is bound there so I can destroy it.

Check for strange entries in xinetd.conf or inetd.conf (depending on your
flavor).  That's one place that some worms or hackers set up listeners.

Also, try telnet to that port and see what you get.  If you get a shell
without need of a password you have been hacked.


| Am I hacked?

Try http://www/chkrootkit.com for a great utility used in searching for
known hacks and root kits.

Also, if you are hacked you may have a trojanized netstat and ps (among
others) so try running those from a floppy.

You may be able to tell from the preceding that I have had this less
than desirable experience :-(




______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
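
For the question in this thread, an added example (not part of the original post) that maps a listening TCP port to its owning process by reading the kernel's `/proc/net/tcp` table and the `/proc/<pid>/fd` socket links directly, without calling the installed netstat or ps binaries. The sample table and the function names are constructed for illustration.

```python
import os

# Constructed sample in /proc/net/tcp format; port 868 is 0x0364, state 0A is LISTEN.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0364 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1 c0de 300 0 0 2 -1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5150 1 c0de 300 0 0 2 -1
   2: 0A000005:0016 0A000009:C350 01 00000000:00000000 02:000A0000 00000000     0        0 6001 1 c0de 300 0 0 2 -1
"""

def listening_sockets(table_text):
    """Return {port: socket inode} for every row in LISTEN state."""
    result = {}
    for line in table_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":               # malformed row or not LISTEN
            continue
        result[int(f[1].rsplit(":", 1)[1], 16)] = int(f[9])
    return result

def inode_owners(proc="/proc"):
    """Return {socket inode: {(pid, exe)}} by walking each process's fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            exe = os.readlink(os.path.join(proc, pid, "exe"))
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                if target.startswith("socket:["):
                    owners.setdefault(int(target[8:-1]), set()).add((int(pid), exe))
        except OSError:
            continue                                  # exited, or unreadable without root
    return owners

def who_listens(port, table_text, owners):
    """Return (inode, owners) for a listening port, or None if nothing listens."""
    inode = listening_sockets(table_text).get(port)
    return None if inode is None else (inode, owners.get(inode, set()))

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:                 # IPv4 TCP only; tcp6 and udp use the same layout
        live = fh.read()
    found = inode_owners()
    for port, inode in sorted(listening_sockets(live).items()):
        print(port, inode, sorted(found.get(inode, [])) or "owner not visible")
```

Run it as root so other users' file descriptors are readable. A listener started from inetd or xinetd shows up as owned by that daemon, so the matching config entry is what names the program actually served on the port.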