Re: Port 785 = Network Terrorist?
From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: 08/05/04
- Next message: David Brown: "Re: Linux to Microsoft Proxy Server connection."
- Previous message: Mark Adams: "Re: Port 785 = Network Terrorist?"
- In reply to: Mark Adams: "Re: Port 785 = Network Terrorist?"
- Next in thread: Travis Casey: "Re: Port 785 = Network Terrorist?"
- Reply: Travis Casey: "Re: Port 785 = Network Terrorist?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 05 Aug 2004 04:51:47 GMT
On Wed, 04 Aug 2004 22:13:28 -0600, Mark Adams wrote:
>>
>
> Looks like it might be benign. Here's the poop:
>
> [root@adamsmdk madams]# netstat -tunap|grep 785
> tcp 0 0 0.0.0.0:785 0.0.0.0:*
> LISTEN 2723/rpc.statd
Looking on my Mandrake 10 box I have
$ netstat -tunap | grep rpc
tcp 0 0 0.0.0.0:931 0.0.0.0:* LISTEN 22797/rpc.statd
tcp 0 0 0.0.0.0:981 0.0.0.0:* LISTEN 22850/rpc.mountd
udp 0 0 0.0.0.0:925 0.0.0.0:* 22797/rpc.statd
udp 0 0 0.0.0.0:928 0.0.0.0:* 22797/rpc.statd
udp 0 0 0.0.0.0:978 0.0.0.0:* 22850/rpc.mountd
and
$ grep rpc /etc/services
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
rpc2portmap 369/tcp
rpc2portmap 369/udp # Coda portmapper
courier 530/tcp rpc
I would have guessed the service port would have been the same as
netsat ports.
If Bill's suggestion
rpm -Va | grep '..5' > /tmp/verify
does not show changes to /sbin/rpc.statd your good.
You might want to go ahead and compile the chkroot and run it just to
have some experience.
- Next message: David Brown: "Re: Linux to Microsoft Proxy Server connection."
- Previous message: Mark Adams: "Re: Port 785 = Network Terrorist?"
- In reply to: Mark Adams: "Re: Port 785 = Network Terrorist?"
- Next in thread: Travis Casey: "Re: Port 785 = Network Terrorist?"
- Reply: Travis Casey: "Re: Port 785 = Network Terrorist?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
