Date: Sat, 4 Sep 1999 13:02:11 -0400 (EDT) From: David Gilbert <dgilbert@velocet.ca> To: "N. N.M" <madrapour@hotmail.com> Cc: freebsd-security@FreeBSD.ORG Subject: Tracing open ports on FreeBSD Message-ID: <14289.20627.316196.336184@trooper.velocet.ca> In-Reply-To: <19990904112855.43007.qmail@hotmail.com> References: <19990904112855.43007.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "N" == N N M <madrapour@hotmail.com> writes: N> Hi, 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are N> openly listening on my FreeBSD box. I don't know how this has N> happened, as they were not open before. They are related to X11 as N> far as I know. But I had already disabled XDM in /etc/ttys N> file. Could anybody tell me how I can disable this stuff? Or how N> they could get opened and listening? Generally, these are ssh. When you ssh into a machine and have X forwarding on, these ports are open --- one port for each ssh connection. N> 2) This is some time that two UDP ports have got opened as N> well. Again, I don't have any idea on how they have got N> enabled. The ports are 1352 and 2699. Generally, how I can trace N> when a port gets suddenly enabled? try lsof -i:1352 .... Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14289.20627.316196.336184>