Re: Weird Port Open


Subject: Re: Weird Port Open
From: cdowns (cdowns@skillsoft.com)
Date: Wed Apr 25 2001 - 10:02:41 MDT


"Patrick J. Larkin" wrote:

> > "Patrick J. Larkin" wrote:
> >
> >> Hi --
> >>
> >> I ran a Port Scan on my YDL machine and found port 1024 is open. Anyone
> >> know what this is? An analysis program reported that it was a Trojan named
> >> "Netspy" but all of my research shows this as a Windows trojan.
> >>
> >> Anyone have any suggestions on what can be done?
> >>
> >> --
> >> Patrick Larkin
> >> Information and Communications Technology
> >> Bethlehem Area School District
> >
> > this is a known port to proxy services and i would suggest you shut it down or
> > you could be used in an attack against machines in the void. do setup and kill
> > proxy and init 1 ; init 3 to make sure it is gone then do:
> >
> > Proto Recv-Q Send-Q Local Address Foreign Address State
> > tcp 0 0 10.0.2.1:22 10.0.2.127:745 ESTABLISHED
> > tcp 0 20 10.0.2.1:22 10.0.2.127:661 ESTABLISHED
> > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> > raw 0 0 0.0.0.0:6 0.0.0.0:* 7
> > raw 0 0 0.0.0.0:1 0.0.0.0:* 7
> > raw 0 0 0.0.0.0:6 0.0.0.0:* 7
> > Active UNIX domain sockets (servers and established)
> > Proto RefCnt Flags Type State I-Node Path
> > unix 2 [ ] DGRAM 410 /dev/log
> > unix 0 [ ] DGRAM 657
> > unix 0 [ ] DGRAM 422
> > [root@zuul rc.d]#
> >
> > then you should be good.
> >
> > good luck :)
> >
> > -D
> >
> >
>
> So are you saying I have a proxy server running? I have no idea what you
> mean "do setup." Sorry...
> --
> Patrick Larkin
> Information and Communications Technology
> Bethlehem Area School District

are you from NH ? name looks familiar ( school name ). setup means run setup from a
prompt and go to services and scroll down to proxy and disable it. then run init 1
then init 3 and check netstat -na | more to make sure that port is not open.

feel free to email me back if you need help.

-D
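
A stricter form of the `netstat -na | more` check described in the message above, as an added example that is not part of the original post. The function name `listeners_on_port` and the sample output are constructed for illustration, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example: report what is listening on a given port in `netstat -na`
# output (assumes the Linux net-tools column layout).

# listeners_on_port PORT
# Reads `netstat -na` text on stdin; prints "proto local-address" for every
# TCP socket in LISTEN state and every unconnected UDP socket bound to PORT.
# Exit status: 0 if at least one listener was found, 1 if the port is closed.
listeners_on_port() {
    awk -v port="$1" '
        # Only tcp/tcp6/udp/udp6 rows; skip headers, raw and unix sockets.
        $1 !~ /^(tcp|udp)6?$/ { next }
        {
            local_addr = $4
            # Port is whatever follows the last ":" (0.0.0.0:22 and :::22).
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            # TCP must be in LISTEN; an established session that happens to
            # use this port number does not count as an open service.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            # UDP has no LISTEN state; an unconnected socket has a wildcard peer.
            if ($1 ~ /^udp/ && $5 !~ /:\*$/) next
            print $1, local_addr
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output (not taken from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.2.1:22             10.0.2.127:1024         ESTABLISHED
tcp        0      0 10.0.2.1:1024           10.0.2.127:745          ESTABLISHED
udp        0      0 0.0.0.0:1024            0.0.0.0:*
EOF
}

# On a live machine: netstat -na | listeners_on_port 1024
```

A non-zero exit status after the service has been disabled and the runlevel cycled means nothing is bound to the port any more.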



This archive was generated by hypermail 2a24 : Wed Apr 25 2001 - 10:04:59 MDT