Date: Tue, 19 Feb 2019 21:53:50 -0500 From: Greg Veldman <freebsd@gregv.net> To: BBlister <bblister@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Cannot identify process of listening port 600/tcp6 Message-ID: <20190220025350.GE98237@aurora.gregv.net> In-Reply-To: <1550602404163-0.post@n6.nabble.com> References: <1550339000372-0.post@n6.nabble.com> <5b5f72fc-c054-ea43-6602-e7bdb742d657@sentex.net> <1550602404163-0.post@n6.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 19, 2019 at 11:53:24AM -0700, BBlister wrote: > Yes you are right. If I kill rpc.lockd the two listening ports disappear. If > I re-execute, then I can see two new unknown listening ports on other > locations. For example, now I have 815/tcp4 and 874/tcp6 . > > So I believe I should ask the freebsd-hackers which rpc.lockd cannot be > listed on the sockstat or lsof (which means that this could be a way for a > malicious process to do exactly what lockd does and open ports without being > identified). rpcinfo -p on the host should show you all running RPC services and the port they're listening on. It's another good thing to check besides lsof/sockstat when looking for open ports. -- Greg Veldman freebsd@gregv.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190220025350.GE98237>