Date: Tue, 2 Jan 2001 20:00:22 +0100
From: Edwin Groothuis <mavetju@chello.nl>
To: Chris Smith <chris@amgroupadmin.com>
Cc: Freebsd Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: open ports on my gateway...how do i find out what is running
Message-ID: <20010102200021.E9236@d9168.upc-d.chello.nl>
In-Reply-To: <023301c074ed$6b248300$0c00a8c0@amgroupadmin.com>; from chris@amgroupadmin.com on Tue, Jan 02, 2001 at 10:54:11AM -0800
References: <023301c074ed$6b248300$0c00a8c0@amgroupadmin.com>

On Tue, Jan 02, 2001 at 10:54:11AM -0800, Chris Smith wrote:
> I ran nmap on my local gateway ( 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu Dec
> 28 09:29:04 PST i386) and it shows the following ports open. Port 22-ssh
> is ok, but the rest are a mystery to me.
>
> How do I find out what processes are occupying these ports? I want to find
> out whether I have been hacked or if these are something else that I need to
> deactivate. The only port I expect to find open is 22.

Install lsof from the ports and do a grep for listen in the output:

[~] edwin@p6>/usr/local/sbin/lsof | grep LISTEN
httpd-php   234 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
httpd-php   235 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
httpd-php 29560 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
httpd-php 29561 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
rom       43968 edwin    6u  IPv4 0xc80ded80      0t0  TCP *:4000 (LISTEN)
rom       43968 edwin    7u  IPv4 0xc80dd500      0t0  TCP *:4001 (LISTEN)
rom       43968 edwin    8u  IPv4 0xc80e02e0      0t0  TCP *:4002 (LISTEN)

Edwin

-- 
Edwin Groothuis   |   Interested in MUDs? Visit Fatal Dimensions:
mavetju@chello.nl |   http://fataldimensions.nl.eu.org/
------------------+   telnet://fataldimensions.nl.eu.org:4000

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
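
The check from the reply above, extended into an allowlist comparison so that only listeners other than the expected ones (port 22 in the question) are reported. This is an added example, not part of the original message; the function names unexpected_listeners and sample_lsof are hypothetical, and the sample input is constructed in the layout of the lsof output shown in the reply.

```shell
#!/bin/sh
# Added example: report listening TCP sockets whose port is not on an allowlist.
# Reads lsof output on stdin, so it works on live output or on a saved capture.

# usage: lsof | unexpected_listeners "22 ssh"
# The allowlist holds ports exactly as lsof prints them (number or service name).
# Prints "command pid user address" once per unexpected listener.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 3 && $NF == "(LISTEN)" && $(NF-2) == "TCP" {
            addr = $(NF-1)              # e.g. *:http or 192.168.0.1:4000
            port = addr
            sub(/^.*:/, "", port)       # keep what follows the last colon
            if (port in ok) next        # expected listener, stay quiet
            key = $1 " " $2 " " $3 " " addr
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Constructed sample input (not a capture from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND     PID  USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd        101  root    3u  IPv4 0xc80d0000      0t0  TCP *:ssh (LISTEN)
httpd-php   234 edwin   17u  IPv4 0xc80d9b60      0t0  TCP *:http (LISTEN)
rom       43968 edwin    6u  IPv4 0xc80ded80      0t0  TCP *:4000 (LISTEN)
rom       43968 edwin    7u  IPv4 0xc80dd500      0t0  TCP *:4001 (LISTEN)
sshd        350  root    4u  IPv4 0xc80d1000      0t0  TCP 192.168.0.12:ssh->192.168.0.5:1042 (ESTABLISHED)
EOF
}

# Only ssh is expected, so the http and 4000/4001 listeners are reported.
sample_lsof | unexpected_listeners "22 ssh"
```

Running lsof with -n -P prints numeric addresses and ports, in which case the allowlist needs only the numbers.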