Re: Weird Port Open


Subject: Re: Weird Port Open
From: Patrick J. Larkin (plarkin@beth.k12.pa.us)
Date: Wed Apr 25 2001 - 08:33:05 MDT


> "Patrick J. Larkin" wrote:
>
>> Hi --
>>
>> I ran a Port Scan on my YDL machine and found port 1024 is open. Anyone
>> know what this is? An analysis program reported that it was a Trojan named
>> "Netspy" but all of my research shows this as a Windows trojan.
>>
>> Anyone have any suggestions on what can be done?
>>
>> --
>> Patrick Larkin
>> Information and Communications Technology
>> Bethlehem Area School District
>
> this is a known port to proxy services and I would suggest you shut it down or
> you could be used in an attack against machines in the void. do setup and kill
> proxy and init 1 ; init 3 to make sure it is gone then do:
>
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 10.0.2.1:22 10.0.2.127:745 ESTABLISHED
> tcp 0 20 10.0.2.1:22 10.0.2.127:661 ESTABLISHED
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> raw 0 0 0.0.0.0:6 0.0.0.0:* 7
> raw 0 0 0.0.0.0:1 0.0.0.0:* 7
> raw 0 0 0.0.0.0:6 0.0.0.0:* 7
> Active UNIX domain sockets (servers and established)
> Proto RefCnt Flags Type State I-Node Path
> unix 2 [ ] DGRAM 410 /dev/log
> unix 0 [ ] DGRAM 657
> unix 0 [ ] DGRAM 422
> [root@zuul rc.d]#
>
> then you should be good.
>
> good luck :)
>
> -D
>
>

So are you saying I have a proxy server running? I have no idea what you
mean by "do setup." Sorry...

-- 
Patrick Larkin
Information and Communications Technology
Bethlehem Area School District



This archive was generated by hypermail 2a24 : Wed Apr 25 2001 - 08:35:01 MDT