Re: What are these ports?
From: dx (dx@sxu.cjb.net)
Date: 10/30/02
From: "dx" <dx@sxu.cjb.net> Date: Wed, 30 Oct 2002 10:28:56 -0800
"Eirik Seim" <eirik@mi.uib.no> wrote in message
news:slrnarvicp.s77.eirik@kain.mi.uib.no...
> On Wed, 30 Oct 2002 09:14:24 +0300, Tracker escaped from her doctor and
> wrote this while screaming and dodging guards around her hospital:
>
> > Eirik Seim wrote:
> > > On Tue, 29 Oct 2002 22:37:28 -0800, DX wrote:
> > > > When I use the "nmap" program to do a port scan on my own Linux web
> > > > server I find these three entries that I don't recognize:
> > > >
> > > > 111/tcp open sunrpc
> > >
> > > Bad.
> >
> > Thought this service only ran on a Windows Platform?
>
> I bet you did. Not surprised at all.
>
> > > > 1024/tcp open kdm
> > >
> > > Bad.
> > >
> > > > 8009/tcp open ajp13
> > >
> > > > I am running Redhat Linux.
> > > > 1).Does anyone know what these three ports are? Could you tell me
> > > > briefly what they do?
> > >
> > > sunrpc is the RPC portmapper, it is needed when running services such
> > > as NFS, YP and similar. Switch it off, or close the port with iptables.
> > >
> >
> > They can't switch it off if the malicious hackers have already
> > installed a Backdoor or Trojan Horse on the infected system.
>
> Blah, blah. Tell me, how do I enable Redhat to show hidden files and
> folders?
>
> > > 8009 could be lots of exciting things, including a backdoor left
> > > behind by system crackers. Try 'lsof -Pi | grep LIST | grep 8009'.
> > >
> > > > 2). Are they enabled by default?
> >
> > Yes
>
> I'm amazed! How can you tell, even when you did not know these services
> existed on Linux servers?
>
> > > 111, yes. 1024 only if you do a 'workstation' install, I guess. 8009
> > > is rather impossible to tell, but probably not enabled by default.
> > >
> >
> > You might have a system already compromised/hacked.
>
> Everyone might.
>
> To the OP, don't ever listen to Tracker. She is a sick woman who needs
> medical care. Over the last week or so, she has actually posted a few
> URLs containing really good information, so there might be hope. If only
> she read those URLs herself.
>
>
> - Eirik
> --
> New and exciting signature!
>
Thank you for all of your replies. I tried to execute this command:
# lsof -Pi | grep LIST | grep 8009
java 15927 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15928 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15929 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15930 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15931 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15932 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15933 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15934 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15935 root 9u IPv4 122261 TCP *:8009 (LISTEN)
<snipped>
Since I installed both Apache and Tomcat on my web server, do you think port
8009 is used by Tomcat? Do you think I'd better leave this port open?

I will do more research on how to "build a packet filter" on Google,
but how can I allow "ssh connections from trusted hosts only"? What
keywords do you think I should use when searching?

By saying "No outgoing connections at all" do you mean that from my
webserver, I can't use ssh to connect to another machine, etc.? What
keywords should I use to search for information in this area?

Thank you.
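
Added example, not part of the original post: a shell function that reads `lsof -Pi` output in the format shown above and prints one line per listening socket, with the owning command, user, process count and whether the bind address covers all interfaces. The names `summarize_listeners` and `sample_lsof` and the sample rows are constructed for illustration; it assumes the sixth column (DEVICE) identifies the socket, so rows sharing it are processes holding one socket rather than separate listeners.

```shell
#!/bin/sh
# Added example: collapse repeated lsof rows into one line per listening socket.
# Assumption: column 6 (DEVICE) is the socket identifier, as in the post's output.

summarize_listeners() {
    awk '
    $NF == "(LISTEN)" {
        name = $(NF-1)                       # e.g. *:8009 or 127.0.0.1:9000
        n = split(name, parts, ":")
        port = parts[n]                      # text after the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        key = $6 SUBSEP name                 # socket id plus bind address
        if (!(key in count)) {
            order[++k] = key
            cmd[key] = $1; user[key] = $3
            a[key] = addr; p[key] = port
        }
        count[key]++                         # processes sharing this socket
    }
    END {
        for (i = 1; i <= k; i++) {
            key = order[i]
            scope = (a[key] == "*" || a[key] == "0.0.0.0") ? "all-interfaces" : "restricted"
            printf "%s %s %s %s procs=%d %s\n", p[key], a[key], cmd[key], user[key], count[key], scope
        }
    }'
}

# Constructed sample rows in the same column layout as the post's output.
sample_lsof() {
    cat <<EOF
java 15927 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15928 root 9u IPv4 122261 TCP *:8009 (LISTEN)
java 15929 root 9u IPv4 122261 TCP *:8009 (LISTEN)
exampled 2101 nobody 4u IPv4 130044 TCP 127.0.0.1:9000 (LISTEN)
sshd 702 root 3u IPv4 1033 TCP 192.0.2.10:22->192.0.2.77:40112 (ESTABLISHED)
EOF
}

# On a live host: lsof -Pi | summarize_listeners
sample_lsof | summarize_listeners
```

A listener reported as `all-interfaces` is reachable from the network unless a packet filter blocks it, which is the case the thread's advice about closing ports with iptables addresses.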