Date: Sat, 4 Sep 1999 15:00:06 +0400 From: Alexey Zelkin <phantom@cris.net> To: "N. N.M" <madrapour@hotmail.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Tracing open ports on FreeBSD Message-ID: <19990904150006.A2526@scorpion.crimea.ua> In-Reply-To: <19990904112855.43007.qmail@hotmail.com> References: <19990904112855.43007.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, On Sat, Sep 04, 1999 at 04:28:53AM -0700, N. N.M wrote: > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly > listening on my FreeBSD box. I don't know how this has happened, as they > were not open before. They are related to X11 as far as I know. But I had > already disabled XDM in /etc/ttys file. Could anybody tell me how I can > disable this stuff? Or how they could get opened and listening? > > 2) This is some time that two UDP ports have got opened as well. Again, I > don't have any idea on how they have got enabled. The ports are 1352 and > 2699. Generally, how I can trace when a port gets suddenly enabled? I can propose idea how to understand which process used this port. for example -- how to find process which opened port 80 (aka http) $ netstat -Ana | grep \*\.80 f0625d00 tcp 0 0 *.80 *.* LISTEN $ fstat | grep f00625d00 nobody httpd 200 15* internet stream tcp f00625d00 first field is process owner second - name of process third - pid -- /* Alexey Zelkin && phantom@cris.net */ /* Tavrical National University && phantom@crimea.edu */ /* http://www.ccssu.crimea.ua/~phantom && phantom@FreeBSD.org */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990904150006.A2526>