Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 23 Aug 2004 23:37:53 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Bob Ababurko <ababurko@adelphia.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: portscan looks like.....
Message-ID:  <20040823233645.D1165@odysseus.silby.com>
In-Reply-To: <5.2.1.1.0.20040824002044.00aded88@mail.dc2.adelphia.net>
References:  <5.2.1.1.0.20040824002044.00aded88@mail.dc2.adelphia.net>

next in thread | previous in thread | raw e-mail | index | archive | help

On Tue, 24 Aug 2004, Bob Ababurko wrote:

> Hello-
>
>  I have just done a portscan on my FreeBSD box running 5.2.1 and got :
>
> PORT     STATE SERVICE
> 22/tcp   open  ssh
> 25/tcp   open  smtp
> 80/tcp   open  http
> 111/tcp  open  rpcbind
> 1023/tcp open  netvenuechat
>
> now, i made a faux pas when i configured this machine and had made this a nfs 
> client...i belive that was the case.  I am now interested in turning this 
> off, and will be able to do that with rpcbind_enable="NO" in rc.conf.
>    Then there is the case of the port 1023.  I have no idea how to turn this 
> off or how it got turned on.  Could the rpcbind allowed someone into my 
> computer to hack it up?  I am pretty scared at this point.  Can somone help 
> me?
>
> thanks,
> Bob

Use sockstat to see which program is attached to which socket.  IIRC, RPC 
services are assigned semi-random ports, so 1023 might be what one of the 
NFS services was assigned that time.

Mike "Silby" Silbersack



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040823233645.D1165>