From: "Chris Smith"
To: "Freebsd Questions"
Subject: Re: open ports on my gateway...how do i find out what is running
Date: Tue, 2 Jan 2001 11:31:28 -0800
Message-ID: <034801c074f2$9a7a7c40$0c00a8c0@amgroupadmin.com>
References: <023301c074ed$6b248300$0c00a8c0@amgroupadmin.com> <20010102200021.E9236@d9168.upc-d.chello.nl>

Output of lsof:

# lsof | grep LISTEN
sshd        189 root    4u  IPv4 0xc4a6eb60      0t0  TCP *:ssh (LISTEN)

The other ports are not listed...only the ssh which I expect

Chris Smith
_________________
IT Department
American Group Administrators
First National Administrators

----- Original Message -----
From: "Edwin Groothuis"
To: "Chris Smith"
Cc: "Freebsd Questions"
Sent: Tuesday, January 02, 2001 11:00 AM
Subject: Re: open ports on my gateway...how do i find out what is running

> On Tue, Jan 02, 2001 at 10:54:11AM -0800, Chris Smith wrote:
> > I ran nmap on my local gateway ( 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu Dec
> > 28 09:29:04 PST i386) and it shows the following ports open. Port 22-ssh
> > is ok, but the rest are a mystery to me.
> >
> > How do I find out what processes are occupying these ports? I want to find
> > out whether I have been hacked or if these are something else that I need to
> > deactivate. The only port I expect to find open is 22.
>
> install lsof from the ports and do a grep for listen in the output:
>
> [~] edwin@p6>/usr/local/sbin/lsof | grep LISTEN
> httpd-php   234 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
> httpd-php   235 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
> httpd-php 29560 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
> httpd-php 29561 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
> rom       43968 edwin    6u  IPv4 0xc80ded80      0t0  TCP *:4000 (LISTEN)
> rom       43968 edwin    7u  IPv4 0xc80dd500      0t0  TCP *:4001 (LISTEN)
> rom       43968 edwin    8u  IPv4 0xc80e02e0      0t0  TCP *:4002 (LISTEN)
>
> Edwin
> --
> Edwin Groothuis   | Interested in MUDs? Visit Fatal Dimensions:
> mavetju@chello.nl | http://fataldimensions.nl.eu.org/
> ------------------+ telnet://fataldimensions.nl.eu.org:4000
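
Added example, not part of the original thread: a POSIX sh function that reads `lsof | grep LISTEN` output in the format quoted above and reports every listener whose port is not on an allowlist. The function names, the allowlist arguments and the embedded sample (the lsof lines from both messages joined into one listing) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread: flag listeners missing from an allowlist.
# Usage on a live host:  lsof | grep LISTEN | unexpected_listeners ssh 22

# Reads lsof lines on stdin; arguments are the allowed ports or service names.
# Prints "port command user pid" once per unexpected command/user/port.
unexpected_listeners() {
    awk -v allowed=" $* " '
        $NF == "(LISTEN)" {
            port = $(NF - 1)            # NAME column, e.g. "*:http"
            sub(/^.*:/, "", port)       # keep what follows the last colon
            if (index(allowed, " " port " ") > 0)
                next                    # expected listener, stay quiet
            key = $1 " " $3 " " port
            if (!(key in seen)) {       # forked workers share one socket
                seen[key] = 1
                print port, $1, $3, $2
            }
        }
    '
}

# Sample input: the lsof lines quoted in the thread, joined into one listing.
sample_lsof() {
    cat <<'EOF'
sshd        189 root   4u IPv4 0xc4a6eb60 0t0 TCP *:ssh (LISTEN)
httpd-php   234 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN)
httpd-php   235 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN)
httpd-php 29560 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN)
httpd-php 29561 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN)
rom       43968 edwin  6u IPv4 0xc80ded80 0t0 TCP *:4000 (LISTEN)
rom       43968 edwin  7u IPv4 0xc80dd500 0t0 TCP *:4001 (LISTEN)
rom       43968 edwin  8u IPv4 0xc80e02e0 0t0 TCP *:4002 (LISTEN)
EOF
}

sample_lsof | unexpected_listeners ssh 22
```

Run lsof as root so that sockets owned by every user appear in the listing.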