Re: What are these ports?
From: Eirik Seim (eirik@mi.uib.no)Date: 10/30/02
- Next message: : "Re: ZoneAlarm Pro install with Anonymizer"
- Previous message: Vibes: "Re: Best firewall"
- In reply to: Tracker: "Re: What are these ports?"
- Next in thread: dx: "Re: What are these ports?"
- Reply: dx: "Re: What are these ports?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: eirik@mi.uib.no (Eirik Seim) Date: 30 Oct 2002 11:59:21 GMT
On Wed, 30 Oct 2002 09:14:24 +0300, Tracker escaped from her doctor and
wrote this while screaming and dodging guards around her hospital:
> Eirik Seim wrote:
> > On Tue, 29 Oct 2002 22:37:28 -0800, DX wrote:
> > > When i use "nmap" program do a port scan on my own Linux web server i find
> > > these three entries that i don't recognize:
> > >
> > > 111/tcp open sunrpc
> >
> > Bad.
>
> Thought this service only ran on a Windows Platform?
I bet you did. Not surprised at all.
> > > 1024/tcp open kdm
> >
> > Bad.
> >
> > > 8009/tcp open ajp13
> >
> > > I am running Redhat Linux.
> > > 1).Does anyone know what these three ports are? Could you tell me briefly
> > > what they do?
> >
> > sunrpc is the RPC portmapper, it is needed when running services such as
> > NFS, YP and similar. Switch it off, or close the port with iptables.
> >
>
> They can't switch it off if the malicious hackers have already installed a
> Backdoor or Trojan Horse on the infected system.
Blah, blah. Tell me, how do I enable Redhat to show hidden files and
folders?
> > 8009 could be lots of exciting things, including a backdoor left behind by
> > system crackers. Try 'lsof -Pi | grep LIST | grep 8009'.
> >
> > > 2). Are they enabled by default?
>
> Yes
I'm amazed! How can you tell, even when you did not know these services
existed on Linux servers?
> > 111, yes. 1024 only if you do a 'workstation' install, I guess. 8009
> > is rather impossible to tell, but probably not enabled by default.
> >
>
> You might have a system already compromised/hacked.
Everyone might.
To the OP, don't ever listen to Tracker. She is a sick woman who needs
medical care. Over the last week or so, she has actually posted a few
URLs containing really good information, so there might be hope. If only
she read those URLs herself.
- Eirik
-- New and exciting signature!
- Next message: : "Re: ZoneAlarm Pro install with Anonymizer"
- Previous message: Vibes: "Re: Best firewall"
- In reply to: Tracker: "Re: What are these ports?"
- Next in thread: dx: "Re: What are these ports?"
- Reply: dx: "Re: What are these ports?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
