Re: Open Ports

From: Chris (I_don't_want_spam_at_earthlink.net)
Date: 07/14/04


Date: Tue, 13 Jul 2004 22:42:57 GMT

Gary Petersen wrote:

> Let's try to keep it in the newsgroups mostly.
>
> You seem to have a lot of services running!
>
> Try this (as root):
>
> netstat -pnlut

And the results are:

[root@chris chris]# netstat -pnlut
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:645             0.0.0.0:*               LISTEN      1312/ypserv
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      11319/perl5.8.0
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1242/portmap
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      2330/perl
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      1812/X
tcp        0      0 192.168.1.2:53          0.0.0.0:*               LISTEN      1638/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1638/named
tcp        0      0 0.0.0.0:886             0.0.0.0:*               LISTEN      1555/rpc.ypxfrd
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      1789/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2164/master
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1638/named
udp        0      0 0.0.0.0:32768           0.0.0.0:*                           1638/named
udp        0      0 0.0.0.0:642             0.0.0.0:*                           1312/ypserv
udp        0      0 0.0.0.0:10000           0.0.0.0:*                           2330/perl
udp        0      0 0.0.0.0:801             0.0.0.0:*                           1896/rpc.yppasswdd
udp        0      0 192.168.1.2:53          0.0.0.0:*                           1638/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1638/named
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1242/portmap
udp        0      0 0.0.0.0:884             0.0.0.0:*                           1555/rpc.ypxfrd
udp        0      0 0.0.0.0:631             0.0.0.0:*                           1789/cupsd
udp        0      0 192.168.1.2:123         0.0.0.0:*                           32451/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           32451/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           32451/ntpd
 
> Also do this:
>
> ps auxwwwwwww

And the result of that is:

[root@chris chris]# ps auxwwwwwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1288 84 ? S Jun28 0:04 init
root 2 0.0 0.0 0 0 ? SW Jun28 0:01 [keventd]
root 3 0.0 0.0 0 0 ? SW Jun28 0:00 [kapmd]
root 4 0.0 0.0 0 0 ? SWN Jun28 0:00 [ksoftirqd_CPU0]
root 5 0.0 0.0 0 0 ? SW Jun28 1:11 [kswapd]
root 6 0.0 0.0 0 0 ? SW Jun28 0:00 [bdflush]
root 7 0.0 0.0 0 0 ? SW Jun28 0:01 [kupdated]
root 8 0.0 0.0 0 0 ? SW< Jun28 0:00 [mdrecoveryd]
root 12 0.0 0.0 0 0 ? SW Jun28 0:16 [kjournald]
root 96 0.0 0.0 1708 204 ? S Jun28 0:00 devfsd /dev
root 183 0.0 0.0 0 0 ? SW Jun28 0:00 [khubd]
root 338 0.0 0.0 0 0 ? SW Jun28 0:05 [kjournald]
root 339 0.0 0.0 0 0 ? SW Jun28 0:02 [kjournald]
root 652 0.0 0.0 0 0 ? SW Jun28 0:00 [eth0]
rpc 1242 0.0 0.0 1420 4 ? S Jun28 0:00 portmap
root 1256 0.0 0.1 1360 360 ? S Jun28 0:09 syslogd -m 0
root 1264 0.0 0.0 2020 156 ? S Jun28 0:00 klogd -2
root 1312 0.0 0.0 1420 4 ? S Jun28 0:00 ypserv
xfs 1486 0.0 1.1 10676 2836 ? S Jun28 1:41 xfs -port -1 -daemon -droppriv -user xfs
root 1538 0.0 0.0 1268 4 ? S Jun28 0:00 /usr/sbin/apmd -p 10 -w 5 -W -P /etc/sysconfig/apm-scripts/apmd_proxy
root 1555 0.0 0.0 1468 4 ? S Jun28 0:00 rpc.ypxfrd
root 1571 0.0 0.0 2628 4 ? S Jun28 0:00 /bin/sh /etc/X11/prefdm
daemon 1599 0.0 0.0 1312 108 ? S Jun28 0:00 /usr/sbin/atd
root 1603 0.0 0.0 2204 4 ? S Jun28 0:00 /usr/sbin/autologin
root 1621 0.0 0.0 1500 4 ? S Jun28 0:00 saslauthd -a pam -T
named 1638 0.0 0.1 11012 472 ? S Jun28 0:00 named -u named
named 1642 0.0 0.1 11012 472 ? S Jun28 0:00 named -u named
named 1670 0.0 0.1 11012 472 ? S Jun28 0:00 named -u named
named 1671 0.0 0.1 11012 472 ? S Jun28 0:00 named -u named
named 1697 0.0 0.1 11012 472 ? S Jun28 0:00 named -u named
root 1789 0.0 1.2 7828 3188 ? S Jun28 0:06 cupsd
chris 1800 0.0 0.0 2384 4 ? S Jun28 0:00 /bin/sh /usr/X11R6/bin/startx
chris 1811 0.0 0.0 2164 4 ? S Jun28 0:00 xinit /etc/X11/xinit/xinitrc -- -deferglyphs 16
root 1812 6.9 17.3 329304 44652 ? S Jun28 1501:37 /etc/X11/X :0 -deferglyphs 16
root 1896 0.0 0.0 1568 4 ? S Jun28 0:00 rpc.yppasswdd
chris 2000 0.0 0.0 2388 4 ? S Jun28 0:00 /bin/sh /usr/bin/startkde
root 2164 0.0 0.0 3784 188 ? S Jun28 0:04 /usr/lib/postfix/master
postfix 2178 0.0 0.1 3976 460 ? S Jun28 0:20 nqmgr -l -n qmgr -t fifo -u -c
root 2312 0.0 0.0 1492 124 ? S Jun28 0:00 crond
root 2330 0.0 0.2 8336 712 ? S Jun28 0:01 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
root 2477 0.0 0.0 1248 4 vc/1 S Jun28 0:00 /sbin/mingetty tty1
root 2478 0.0 0.0 1248 4 vc/2 S Jun28 0:00 /sbin/mingetty tty2
root 2479 0.0 0.0 1248 4 vc/3 S Jun28 0:00 /sbin/mingetty tty3
root 2480 0.0 0.0 1248 4 vc/4 S Jun28 0:00 /sbin/mingetty tty4
root 2483 0.0 0.0 1248 4 vc/5 S Jun28 0:00 /sbin/mingetty tty5
root 2484 0.0 0.0 1248 4 vc/6 S Jun28 0:00 /sbin/mingetty tty6
chris 2603 0.0 0.3 23480 996 ? S Jun28 0:03 kdeinit: Running...
chris 2606 0.0 0.3 23460 812 ? S Jun28 0:07 kdeinit: dcopserver --nosid
chris 2609 0.0 0.7 24784 1864 ? S Jun28 0:01 kdeinit: klauncher
chris 2611 0.0 0.4 26748 1240 ? S Jun28 13:19 kdeinit: kded
chris 2620 0.0 0.1 7872 440 ? S Jun28 0:09 /usr/bin/artsd -F 10 -S 4096 -a alsa -s 60 -m artsmessage -l 3 -f
chris 2630 0.0 0.4 29284 1056 ? S Jun28 0:07 kdeinit: knotify
chris 2631 0.0 0.0 1324 36 ? S Jun28 0:00 kwrapper ksmserver --restore
chris 2633 0.0 0.4 25212 1172 ? S Jun28 0:06 kdeinit: ksmserver --restore
chris 2634 0.0 1.7 29360 4408 ? S Jun28 4:27 kdeinit: kwin -session 11c0a80102000107236349800000024710000
chris 2637 0.0 1.7 32556 4384 ? S Jun28 2:38 kdeinit: kdesktop
chris 2653 0.0 0.2 26088 648 ? S Jun28 0:04 kdeinit: kwrited
chris 2654 0.0 0.2 24456 692 ? S Jun28 0:08 kwikdisk -session 11c0a80102000107236357800000024710010
chris 2659 0.0 1.1 23328 2972 ? S Jun28 10:51 kpager -session 11c0a80102000107236351400000024710005
chris 2660 0.0 0.2 25492 660 ? S Jun28 0:07 korgac --miniicon korganizer
chris 2662 0.0 0.2 25392 652 ? S Jun28 0:07 kalarmd --login
chris 2689 0.0 0.1 18008 320 ? S Jun28 0:00 /usr/bin/kdesud
root 3218 0.0 0.0 1336 60 ? S Jun28 0:01 gpm -t ps/2 -m /dev/psaux
chris 3337 0.3 1.4 18292 3812 ? S Jun28 74:58 gkrellm -c stack1
chris 3338 2.7 1.4 18816 3704 ? S Jun28 581:20 gkrellm -c stack2
chris 3339 1.0 1.1 17092 3028 ? S Jun28 229:41 gkrellm -c stack3
chris 3347 0.1 0.0 1644 176 ? S Jun28 40:07 /usr/bin/esd -terminate -nobeeps -as 2 -spawnfd 9
chris 3348 0.0 1.4 18816 3704 ? S Jun28 0:11 gkrellm -c stack2
chris 3349 0.0 1.1 17092 3028 ? S Jun28 0:12 gkrellm -c stack3
chris 3350 0.0 1.4 18292 3812 ? S Jun28 0:31 gkrellm -c stack1
chris 4012 0.0 3.6 38424 9452 ? S Jun28 8:45 kdeinit: kicker
chris 5227 0.0 0.2 26572 684 ? S Jun28 0:13 kdeinit: kio_uiserver
chris 13814 0.0 0.2 25492 636 ? S Jun29 0:05 kdeinit: kcookiejar
root 32451 0.0 0.6 1712 1704 ? SL Jul11 0:00 ntpd -A
root 10304 0.0 0.0 2688 4 ? SN Jul11 0:00 /usr/bin/prelude_report -qd -P /var/run/prelude_report.pid
root 10315 0.0 0.2 12408 536 ? SN Jul11 0:40 /usr/bin/prelude -qd -P /var/run/prelude.pid -i eth0
root 10316 0.0 0.2 12408 536 ? SN Jul11 0:00 /usr/bin/prelude -qd -P /var/run/prelude.pid -i eth0
root 10317 0.0 0.1 2692 308 ? SN Jul11 0:00 /usr/bin/prelude_report -qd -P /var/run/prelude_report.pid
root 10318 0.0 0.2 12408 536 ? SN Jul11 0:00 /usr/bin/prelude -qd -P /var/run/prelude.pid -i eth0
chris 5120 0.0 0.2 4228 756 ? S Jul11 0:06 xscreensaver -nosplash
chris 27820 0.0 0.5 6100 1416 ? S Jul11 0:01 /usr/bin/Eterm
chris 27823 0.0 0.0 2792 4 pts/3 S Jul11 0:00 -bash
root 27865 0.0 0.0 2264 4 pts/3 S Jul11 0:00 su
root 27868 0.0 0.3 2760 816 pts/3 S Jul11 0:00 bash
chris 16818 0.8 6.6 36664 17136 ? S Jul12 10:06 kmail -caption KMail -icon kmail.png -miniicon kmail.png
chris 17023 0.0 0.6 23812 1624 ? S Jul12 0:02 kdeinit: kio_pop3 pop3 /tmp/ksocket-chris/klauncherkTsghc.slave-socket /tmp/ksocket-chris/kmailhLtjQa.slave-socket
root 11319 0.4 15.4 41972 39808 ? S 17:19 0:04 /usr/bin/perl5.8.0 -T -w /usr/bin/spamd -d -c -a -H -m 1
postfix 11401 0.0 0.4 3888 1284 ? S 17:20 0:00 pickup -l -t fifo -u -c
chris 11927 1.1 7.7 47296 19936 ? S 17:30 0:02 knode -caption KNode -icon knode.png -miniicon knode.png
chris 11929 0.0 7.7 47296 19936 ? S 17:30 0:00 knode -caption KNode -icon knode.png -miniicon knode.png
chris 11930 0.0 7.7 47296 19936 ? S 17:30 0:00 knode -caption KNode -icon knode.png -miniicon knode.png
chris 11931 0.0 7.7 47296 19936 ? S 17:30 0:00 knode -caption KNode -icon knode.png -miniicon knode.png
root 12091 0.0 0.3 2604 792 pts/3 R 17:34 0:00 ps auxwwwwwww
[root@chris chris]#

> I crossposted this to comp.os.linux.security because they are likely to
> know what is normal for a Fedora/Redhat system.
>
> Your system is probably not compromised, but I would freak out if I had
> so many listening ports.
>
> (Followups are set to comp.os.linux.security.)

Also, below are the results of me trying to enter my system from a friend's
house:

[allen@localhost allen]$ telnet
telnet> open
(to) XX.XX.XXX.XX
Trying XX.XX.XXX.XX...
Connected to tx-XX-XX-XXX-XX.dyn.sprint-hsd.net (XX.XX.XXX.XX).
Escape character is '^]'.
Connection closed by foreign host.
[allen@localhost allen]$ ftp XX.XX.XXX.XX
Connected to XX.XX.XXX.XX.
421 Service not available, remote server has closed connection
ftp>
[2]+ Stopped ftp XX.XX.XXX.XX
[allen@localhost allen]$

Failure To Connect To Web Server
Failure To Connect To Web Server

-- 
Chris
Registered Linux User 283774 http://counter.li.org
5:32pm up 14 days, 22:52, 2 users, load average: 0.10, 0.11, 0.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ignorance is bliss.
                -- Thomas Gray
Fortune updates the great quotes, #42:
        BLISS is ignorance.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
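
A way to triage a listing like the `netstat -pnlut` output in the post above, added here as an example and not part of the original thread: it groups each listener by how widely it is bound, which separates loopback-only services from ones reachable on every interface. The function names and scope labels are assumptions made for this example; the sample rows are an excerpt of the posted output, joined to one line per socket.

```shell
#!/bin/sh
# Classify each listener in `netstat -pnlut` output by its bind address.
# Reads netstat output on stdin; prints "<scope> <proto> <port> <program>".
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        la = $4                               # Local Address column
        n = match(la, /:[0-9]+$/)             # port follows the last colon
        if (!n) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        prog = $NF                            # PID/Program is the last field,
        sub(/^[0-9]+\//, "", prog)            # even when State is empty (udp)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "ALL-INTERFACES"          # reachable unless firewalled
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "LOOPBACK"                # local processes only
        else
            scope = "SINGLE-ADDRESS"          # bound to one interface address
        print scope, $1, port, prog
    }' | sort -u
}

# Number of listeners bound to every interface.
count_exposed() {
    classify_listeners | awk '$1 == "ALL-INTERFACES" { n++ } END { print n + 0 }'
}

# Excerpt of the output posted above, one socket per line.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:645 0.0.0.0:* LISTEN 1312/ypserv
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 11319/perl5.8.0
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2330/perl
tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN 1638/named
udp 0 0 0.0.0.0:111 0.0.0.0:* 1242/portmap
udp 0 0 127.0.0.1:123 0.0.0.0:* 32451/ntpd
EOF
}

sample_netstat | classify_listeners
```

On a live system the same function can be fed directly with `netstat -pnlut | classify_listeners`, run as root so the program column is populated.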

