Resolved: [PLUG] Isn't this a lot of ports to have open?
Stafford A. Rau
srau at rauhaus.org
Wed Sep 11 17:15:49 UTC 2002
* Mike De La Mater <mikedela at ipns.com> [020911 09:31]:
> Yup, that would do it, let's see...
>
> YEAH- you were right, no ports I didn't intend. I also
> switched my portsentry mode to stealth.
Just a note - lsof is a great tool for situations like this. It also
doesn't seem to be trojaned by many rootkits when netstat and ps almost
always are. Just to be safe, it's good to keep a statically link known
good copy on read-only media.
# lsof -i | grep 31337
fakebo 9177 root 4u IPv4 1888270 UDP *:31337
# ps -p 9177
PID TTY TIME CMD
9177 ? 00:00:00 fakebo
--Stafford
More information about the PLUG
mailing list