Re: Port 32768/tcp

From: Andreas Hasenack (andreas@netbank.com.br)
Date: 08/29/01


Date: Wed, 29 Aug 2001 00:01:09 -0300
From: Andreas Hasenack <andreas@netbank.com.br>
To: focus-linux@securityfocus.com
Subject: Re: Port 32768/tcp
Message-ID: <20010829000109.C987@netbank.com.br>

Em Wed, Aug 29, 2001 at 12:43:38AM +0200, gminick escreveu:
> > tcp 0 0
> > 0.0.0.0:32768 0.0.0.0:* LISTEN
> > 475/rpc.statd
>
> It looks strange.
> Take a look at chkrootkit (www.chkrootkit.org).

Telnet to it and see what shows up... :)
Also check /proc/$PID/fd and /proc/$PID itself