Re: Port 785 = Network Terrorist?
From: jayjwa (jayjwa_at_nowhere.org)
Date: Fri, 06 Aug 2004 05:50:06 -0000
On 2004-08-05, Bit Twister <BitTwister@localhost.localdomain> wrote:
> On Thu, 05 Aug 2004 09:55:11 +0800, Leung WC wrote:
>> Wrong. Most Linux distributions execute EVERYTHING in certain
>> directories. So you only need to add files into those directories to run
>> malicious programs, without modifying anything rpm wrote.
> Even though the description of the trojan is for a Windows box, until
> the OP gets back with us with the program name that has the port open,
> we all will be just guessing and giving the OP things to check.
> We need the name of the program.
lsof = List Open Files
Nice thing to have. amap is good for finding exactly what's on remote
ports (or local too, I guess).
I'd try actually connecting to the port too. Anything can run on
pretty much any port. I've recently seen backdoors on 1984, 3010.
SSH's on 913, etc. I could run ftp on 785, if I wanted to, so it could
-- --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++
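What lsof does to answer "which program has port 785 open", shown as an added Python example that is not part of the original post: read the Linux socket table in /proc/net/tcp, pick the LISTEN entries for the port, then find the processes holding that socket inode. The sample table is constructed, and the function names are this example's own.

```python
import os

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0311 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5555 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6001 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0311 0B00000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 7002 1 0000000000000000 20 4 30 10 -1
"""
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

def listening_inodes(proc_net_tcp_text, port):
    """Return [(uid, inode)] for sockets in LISTEN state on `port`."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)  # port is hex (785 = 0311)
        if local_port == port and fields[3] == TCP_LISTEN:
            found.append((int(fields[7]), int(fields[9])))
    return found

def pids_for_inode(inode, proc_root="/proc"):
    """Return sorted PIDs that hold a descriptor for socket `inode`."""
    target = "socket:[%d]" % inode
    pids = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.add(int(entry))
        except OSError:
            continue  # process exited, or no permission (run as root)
    return sorted(pids)

def program_name(pid, proc_root="/proc"):
    try:  # executable path: the "name of the program" the thread asks for
        return os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except OSError:
        return None

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:  # IPv4 only; /proc/net/tcp6 has the same layout
        hits = listening_inodes(f.read(), 785)
    for uid, inode in hits:
        print(uid, [(p, program_name(p)) for p in pids_for_inode(inode)])
```

A listener that shows up here with no owning PID, even when run as root, is worth a closer look, since the socket table and the per-process descriptor lists should agree.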