Re: Weird Port Open


Subject: Re: Weird Port Open
From: cdowns (cdowns@skillsoft.com)
Date: Wed Apr 25 2001 - 08:24:55 MDT


"Patrick J. Larkin" wrote:

> Hi --
>
> I ran a Port Scan on my YDL machine and found port 1024 is open. Anyone
> know what this is? An analysis program reported that it was a Trojan named
> "Netspy" but all of my research shows this as a Windows trojan.
>
> Anyone have any suggestions on what can be done?
>
> --
> Patrick Larkin
> Information and Communications Technology
> Bethlehem Area School District

this is a known port to proxy services and i would suggest you shut it down or
you could be used in an attack against machines in the void. do setup and kill
proxy and init 1 ; init 3 to make sure it is gone then do:

Proto Recv-Q Send-Q Local Address    Foreign Address    State
tcp        0      0 10.0.2.1:22      10.0.2.127:745     ESTABLISHED
tcp        0     20 10.0.2.1:22      10.0.2.127:661     ESTABLISHED
tcp        0      0 0.0.0.0:22       0.0.0.0:*          LISTEN
raw        0      0 0.0.0.0:6        0.0.0.0:*          7
raw        0      0 0.0.0.0:1        0.0.0.0:*          7
raw        0      0 0.0.0.0:6        0.0.0.0:*          7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 410 /dev/log
unix 0 [ ] DGRAM 657
unix 0 [ ] DGRAM 422
[root@zuul rc.d]#

then you should be good.

good luck :)

-D
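
Added example, not part of the original message: a shell check that reads `netstat -an` style output like that quoted in the reply and confirms whether anything is still listening on a given TCP port (1024 in this thread). The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Function names and the
# sample outputs below are constructed for illustration.

# listening_tcp_ports: read `netstat -an` style output on stdin and print
# the local port of every TCP socket in LISTEN state, one per line.
listening_tcp_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, part, ":")     # local address is field 4
             print part[n]                # port is the last ":" component
         }' | sort -n -u
}

# port_is_listening PORT: exit 0 if PORT is among the listening ports on stdin.
port_is_listening() {
    listening_tcp_ports | grep -qx "$1"
}

# Constructed sample: state before the proxy was shut down.
sample_before() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address    State
tcp        0      0 10.0.2.1:22      10.0.2.127:745     ESTABLISHED
tcp        0      0 0.0.0.0:22       0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:1024     0.0.0.0:*          LISTEN
raw        0      0 0.0.0.0:1        0.0.0.0:*          7
EOF
}

# Constructed sample: state after, with only port 22 listening as in the
# output quoted in the message.
sample_after() {
    sample_before | grep -v ':1024 '
}

# Demo on the constructed samples. On a live host, feed real output instead:
#   netstat -an | port_is_listening 1024 && echo "1024 still listening"
# With net-tools on Linux, `netstat -tlnp` run as root also names the owner.
if sample_after | port_is_listening 1024; then
    echo "1024 still listening"
else
    echo "1024 closed"
fi
```

The exact-match `grep -x` matters here: a substring match would report port 1024 as open whenever 10240 or 11024 is listening.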



This archive was generated by hypermail 2a24 : Wed Apr 25 2001 - 08:27:11 MDT