Date:      Sat, 4 Sep 1999 21:00:07 +0100
From:      Dominic Mitchell <Dom.Mitchell@palmerharvey.co.uk>
To:        Alexey Zelkin <phantom@cris.net>
Cc:        "N. N.M" <madrapour@hotmail.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Tracing open ports on FreeBSD
Message-ID:  <19990904210006.A73676@voodoo.pandhm.co.uk>
In-Reply-To: <19990904150006.A2526@scorpion.crimea.ua>; from Alexey Zelkin on Sat, Sep 04, 1999 at 03:00:06PM +0400
References:  <19990904112855.43007.qmail@hotmail.com> <19990904150006.A2526@scorpion.crimea.ua>

On Sat, Sep 04, 1999 at 03:00:06PM +0400, Alexey Zelkin wrote:
> On Sat, Sep 04, 1999 at 04:28:53AM -0700, N. N.M wrote:
> 
> > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly 
> > listening on my FreeBSD box. I don't know how this has happened, as they 
> > were not open before. They are related to X11 as far as I know. But I had 
> > already disabled XDM in /etc/ttys file. Could anybody tell me how I can 
> > disable this stuff? Or how they could get opened and listening?

Most likely an ssh connection...  ssh has numbered X servers.

> > 2) This is some time that two UDP ports have got opened as well. Again, I 
> > don't have any idea on how they have got enabled. The ports are 1352 and 
> > 2699. Generally, how I can trace when a port gets suddenly enabled?
> 
> I can propose an idea of how to understand which process used this port.
> 
> For example -- how to find the process which opened port 80 (aka http)

If you're running a fairly recent FreeBSD (it was in 3.2), the sockstat
utility will do this for you.
-- 
Dom Mitchell -- Palmer & Harvey McLane -- Unix Systems Administrator

"Ordinary folks who don't understand computers don't deserve to be
 mocked. Ordinary people who want to use their computers but refuse to
 learn anything about them do." -- slashdot comment
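
Added example, not part of the original message: a shell filter that maps the ports asked about in this thread to their owning processes, reading output in the column layout of `sockstat -l` on current FreeBSD. The function name `port_owners`, the `SAMPLE` text and every user, command and PID in it are constructed for illustration.

```shell
#!/bin/sh
# SAMPLE is constructed text in the column layout of FreeBSD "sockstat -l".
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       412   3  tcp4   *:22                  *:*
nnm      sshd       2071  9  tcp4   *:6010                *:*
nnm      sshd       2114  9  tcp4   *:6011                *:*
root     syslogd    301   6  udp4   *:514                 *:*
nobody   mystery    2240  4  udp4   *:1352                *:*
www      httpd      655   16 tcp4   *:80                  *:*'

# port_owners PORT...
# Reads sockstat output on stdin and prints one line per requested port:
#   proto/port user command pid note
# Ports with no listener are reported as "not-listening".
port_owners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NR == 1 && $1 == "USER" { next }      # skip the header row
        {
            port = $6
            sub(/.*:/, "", port)              # keep only the text after the last colon
            if (!(port in want)) next
            note = "-"
            # OpenSSH X11 forwarding listens on TCP 6000 + display number,
            # and its default X11DisplayOffset is 10, hence 6010 upward.
            if ($5 ~ /^tcp/ && port + 0 >= 6010 && $2 == "sshd")
                note = "ssh-x11-forward"
            printf "%s/%s %s %s %s %s\n", $5, port, $1, $2, $3, note
            seen[port] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(p[i] in seen)) printf "?/%s - - - not-listening\n", p[i]
        }
    '
}

# Run against the constructed sample; on a live host, pipe "sockstat -l" in instead.
printf '%s\n' "$SAMPLE" | port_owners 6010 6011 6012 6013 1352 2699
```

A listener whose note is `-` and whose command is unfamiliar (the constructed `mystery` entry here) is the one to follow up by PID.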

