Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???

From: InHisGrip (servie_platon_at_yahoo.com)
Date: 07/22/04

    To: Bruce Smith <bruce_the_loon@worldonline.co.za>
    Date: Thu, 22 Jul 2004 10:58:16 -0700 (PDT)
    
    

    Hi Bruce,

    Thank you so much for your suggestions.

    Incidentally, I am also contemplating compiling and building my own
    kernel; this way, I could select which options and services I would
    need. What do you think?

    All of you guys are just awesome! You have given me
    lots of ideas and I have learned a lot. Thanks again
    everyone in this group!

    InHisGrip,
    Servie

    --- Bruce Smith <bruce_the_loon@worldonline.co.za> wrote:
    > Hi Servie
    >
    > There's a tool called lsof on most Linux systems; if it's not installed by
    > default it'll be on the CDs. It can show which processes have the port
    > open. I think the exact syntax is lsof -i
    >
    > That should be able to tell you what has opened the port, and from there
    > you should be able to see if it's a trojan or not. Feel free to send me
    > the output of this if you need a hand.
    >
    > Regards
    >
    > Bruce Smith
    >
    >
    > ----- Original Message -----
    > From: "InHisGrip" <servie_platon@yahoo.com>
    > To: "firewall-wizards" <firewall-wizards@honor.icsalabs.com>
    > Sent: Thursday, July 22, 2004 1:52 AM
    > Subject: [fw-wiz] Port 37628....Is it just another port or out of the
    > extra ordinary???
    >
    >
    > >
    > > Hi everyone,
    > >
    > > I have set up an Apache web server in my small home network and have
    > > configured this web server by enabling port forwarding for web requests
    > > and redirection using a non-standard port other than port 80. I have
    > > also used my DNS registrar/provider, in particular dyndns.org, to do the
    > > job of custom DNS and redirecting web traffic on my host machine.
    > >
    > > My question is related to security/firewall and in particular to Linux
    > > ports being compromised. Based on the information below, can anyone
    > > please let me know if the open or listening ports in the attached
    > > output will somehow compromise my small home network or the Linux web
    > > server box I have just set up?
    > >
    > > Oh, by the way, just wanted to make sure, because I have placed the web
    > > server in a DMZ port and zone on my Linksys router and I think, but am
    > > not sure, that I am being shielded and protected at least? Likewise, I
    > > have enabled advanced firewall protection on my Linksys router. Am I
    > > just paranoid, or is there something to get alarmed about, especially
    > > port 37628, which has a LISTEN state on all interfaces or on the
    > > Internet?
    > >
    > > Here is a copy of my netstat -an output:
    > >
    > > Active Internet connections (servers and established)
    > > Proto Recv-Q Send-Q Local Address           Foreign Address         State
    > > tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
    > > tcp        0      0 127.0.0.1:32769         0.0.0.0:*               LISTEN
    > > tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
    > > tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
    > > tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    > > tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    > > tcp        0      0 0.0.0.0:8090            0.0.0.0:*               LISTEN
    > > tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
    > > tcp        0      0 192.168.1.77:8090       203.218.54.165:4061     TIME_WAIT
    > > tcp        0      0 192.168.1.77:8090       203.218.54.165:4060     TIME_WAIT
    > > tcp        0      0 192.168.1.77:8090       203.218.54.165:4063     TIME_WAIT
    > > tcp        0      0 192.168.1.77:8090       203.218.54.165:4059     TIME_WAIT
    > > tcp        0      0 192.168.1.77:8090       203.218.54.165:4073     TIME_WAIT
    > > tcp        0      0 192.168.1.77:8090       203.218.54.165:4072     TIME_WAIT
    > > tcp        0      0 192.168.1.77:8090       203.218.54.165:4074     TIME_WAIT
    > > udp        0      0 0.0.0.0:32768           0.0.0.0:*
    > > udp        0      0 0.0.0.0:750             0.0.0.0:*
    > > udp        0      0 0.0.0.0:111             0.0.0.0:*
    > > Active UNIX domain sockets (servers and established)
    > > Proto RefCnt Flags       Type       State         I-Node Path
    > > unix  10     [ ]         DGRAM                    900    /dev/log
    > > unix  2      [ ]         DGRAM                    1464
    > > unix  2      [ ]         DGRAM                    1402
    > > unix  2      [ ]         DGRAM                    1384
    > > unix  2      [ ]         DGRAM                    1370
    > > unix  2      [ ]         DGRAM                    1324
    > > unix  2      [ ]         DGRAM                    1050
    > > unix  2      [ ]         DGRAM                    966
    > > unix  2      [ ]         DGRAM                    908
    > >
    > > I am asking this question because the URL below mentions a trojan on
    > > his system and this could also be happening to mine. Is this a security
    > > threat both on UDP and TCP port 32768, among others?
    > >
    > > http://www.linuxquestions.org/questions/archive/4/2002/01/2/11641
    > >
    > > Any tips or thoughts on how to eliminate this threat would be highly
    > > appreciated. Thanks in advance.
    > >
    > > Regards,
    > > Servie
    > >
    > > _______________________________________________
    > > firewall-wizards mailing list
    > > firewall-wizards@honor.icsalabs.com
    > > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >

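    As an added example, not part of the thread, here is a small Python triage of the netstat -an output Servie posted: it separates sockets bound to all interfaces (0.0.0.0), which the Linksys DMZ or a port forward makes reachable from the Internet, from loopback-only (127.0.0.1) sockets that no router can expose, and for each exposed port prints the lsof invocation Bruce suggests for mapping the port to its owning process. The lsof flags -nP, -iTCP:port, -iUDP:port and -sTCP:LISTEN are standard lsof options rather than something from the thread; note that the subject line says 37628 while the posted netstat shows 32768.

```python
import re
# Constructed sample: rows copied from the netstat -an output in Servie's post
# (all-interface binds, loopback-only binds and one non-listening TIME_WAIT row).
NETSTAT_SAMPLE = """\
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:32769         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8090            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.77:8090       203.218.54.165:4061     TIME_WAIT
udp        0      0 0.0.0.0:32768           0.0.0.0:*
udp        0      0 0.0.0.0:750             0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
"""

# proto, Recv-Q, Send-Q, local addr:port, wildcard foreign addr, optional state
ROW_RE = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+:\*(?:\s+(\S+))?\s*$")

def parse_listeners(text):
    """(proto, bind_addr, port) for each listening socket in netstat -an output.
    TCP rows count only in LISTEN state; UDP has no state column, so every UDP
    socket with a wildcard foreign address is treated as a listener."""
    listeners = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, ESTABLISHED/TIME_WAIT rows, UNIX-domain sockets
        proto, addr, port, state = m.groups()
        if proto == "tcp" and state != "LISTEN":
            continue
        listeners.append((proto, addr, int(port)))
    return listeners

def exposed_listeners(text):
    """Listeners bound to 0.0.0.0: reachable from the LAN and, with the box in the
    router's DMZ or behind a port forward, from the Internet. 127.0.0.1 binds are
    local-only and cannot be reached through the router at all."""
    return [(p, port) for p, addr, port in parse_listeners(text) if addr == "0.0.0.0"]

def lsof_command(proto, port):
    """The lsof -i invocation that names the process owning the socket."""
    if proto == "tcp":
        return f"lsof -nP -iTCP:{port} -sTCP:LISTEN"
    return f"lsof -nP -iUDP:{port}"

if __name__ == "__main__":
    for proto, port in exposed_listeners(NETSTAT_SAMPLE):
        print(f"{proto}/{port} reachable from outside -> {lsof_command(proto, port)}")
```

    Run the printed lsof commands as root on the box itself; a listener whose process you cannot account for is the one to investigate further.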

