Re: Weird Port Open


Subject: Re: Weird Port Open
From: cdowns (cdowns@skillsoft.com)
Date: Wed Apr 25 2001 - 10:05:51 MDT


cdowns wrote:

> "Patrick J. Larkin" wrote:
>
> > > "Patrick J. Larkin" wrote:
> > >
> > >> Hi --
> > >>
> > >> I ran a Port Scan on my YDL machine and found port 1024 is open. Anyone
> > >> know what this is? An analysis program reported that it was a Trojan named
> > >> "Netspy" but all of my research shows this as a Windows trojan.
> > >>
> > >> Anyone have any suggestions on what can be done?
> > >>
> > >> --
> > >> Patrick Larkin
> > >> Information and Communications Technology
> > >> Bethlehem Area School District
> > >
> > > This is a known port for proxy services and I would suggest you shut it down, or
> > > you could be used in an attack against machines in the void. Do setup and kill
> > > proxy, and init 1 ; init 3 to make sure it is gone, then do:
> > >
> > > Proto Recv-Q Send-Q Local Address           Foreign Address         State
> > > tcp        0      0 10.0.2.1:22             10.0.2.127:745          ESTABLISHED
> > > tcp        0     20 10.0.2.1:22             10.0.2.127:661          ESTABLISHED
> > > tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> > > raw        0      0 0.0.0.0:6               0.0.0.0:*               7
> > > raw        0      0 0.0.0.0:1               0.0.0.0:*               7
> > > raw        0      0 0.0.0.0:6               0.0.0.0:*               7
> > > Active UNIX domain sockets (servers and established)
> > > Proto RefCnt Flags       Type       State         I-Node Path
> > > unix  2      [ ]         DGRAM                    410    /dev/log
> > > unix  0      [ ]         DGRAM                    657
> > > unix  0      [ ]         DGRAM                    422
> > > [root@zuul rc.d]#
> > >
> > > Then you should be good.
> > >
> > > Good luck :)
> > >
> > > -D
> > >
> > >
> >
> > So are you saying I have a proxy server running? I have no idea what you
> > mean by "do setup." Sorry...
> > --
> > Patrick Larkin
> > Information and Communications Technology
> > Bethlehem Area School District
>
> Are you from NH? The name looks familiar (school name). setup means run setup from a
> prompt, go to services, scroll down to proxy and disable it. Then run init 1,
> then init 3, and check netstat -na | more to make sure that port is not open.
>
> Feel free to email me back if you need help.
>
> -D

This is the easy way; I'm not sure of your Unix experience. There are many other ways to
do the same thing. :)

-D
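The verification step the thread ends on, checking netstat -na to confirm the port is no longer listening, is easy to script so it can be re-run after every change. The example below is added here and is not from anyone on the thread; the netstat text it parses is constructed, modelled on the output quoted above, with a hypothetical listener on 0.0.0.0:1024 added so the check has something to find. It lists every TCP socket in LISTEN state and tests one port against that list, which is the question the original poster actually has to answer before, and again after, disabling anything. Port 1024 is the first non-privileged port, so on a live box the owning process should be identified (lsof -i tcp:1024 or fuser -n tcp 1024, as root) rather than assumed from a port-to-trojan table.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Parses netstat -na style output and reports TCP listeners.

# Constructed sample input, based on the netstat output quoted in the thread,
# with a hypothetical 0.0.0.0:1024 listener added for the check to find.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.2.1:22             10.0.2.127:745          ESTABLISHED
tcp        0     20 10.0.2.1:22             10.0.2.127:661          ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
raw        0      0 0.0.0.0:6               0.0.0.0:*               7
raw        0      0 0.0.0.0:1               0.0.0.0:*               7'

# tcp_listeners NETSTAT_TEXT
# Prints the local port of every TCP socket in LISTEN state, one per line.
# The port is the last colon-separated field of the Local Address column,
# so this also works for IPv6 addresses such as :::22.
tcp_listeners() {
    printf '%s\n' "$1" | awk '$1 == "tcp" && $NF == "LISTEN" {
        n = split($4, a, ":"); print a[n]
    }'
}

# port_is_listening PORT NETSTAT_TEXT
# Exit status 0 if PORT appears among the TCP listeners, 1 otherwise.
port_is_listening() {
    tcp_listeners "$2" | grep -qx "$1"
}

# Stand-alone demo on the constructed sample. On a live system, replace
# "$SAMPLE_NETSTAT" with "$(netstat -na)" and then identify the owning
# process (lsof -i tcp:PORT or fuser -n tcp PORT, as root) before deciding
# which service to disable; re-run this after init 1 / init 3 to confirm.
echo "TCP listeners:"
tcp_listeners "$SAMPLE_NETSTAT"
if port_is_listening 1024 "$SAMPLE_NETSTAT"; then
    echo "port 1024 is still LISTENING - find the owning process"
else
    echo "port 1024 is not listening"
fi
```

Run it as-is to see the sample result; swap in real netstat output to check the machine in question. Matching on the LISTEN state matters: the established sessions to port 22 in the sample are not listeners and are correctly ignored.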



This archive was generated by hypermail 2a24 : Wed Apr 25 2001 - 10:08:08 MDT