Resolved: [PLUG] Isn't this a lot of ports to have open?

Stafford A. Rau srau at rauhaus.org
Wed Sep 11 17:15:49 UTC 2002


* Mike De La Mater <mikedela at ipns.com> [020911 09:31]:
> Yup, that would do it, let's see...
> 
> YEAH- you were right, no ports I didn't intend. I also 
> switched my portsentry mode to stealth.

Just a note - lsof is a great tool for situations like this. It also
doesn't seem to be trojaned by many rootkits when netstat and ps almost
always are. Just to be safe, it's good to keep a statically link known
good copy on read-only media.

# lsof -i | grep 31337
fakebo     9177 root    4u  IPv4 1888270       UDP *:31337 
# ps -p 9177
  PID TTY          TIME CMD
 9177 ?        00:00:00 fakebo

--Stafford




More information about the PLUG mailing list