Re: port list

Tue, 24 Sep 2002 18:44:24 -0700 

These are the only things in my /tmp directory
drwxrwxrwx    2 root     root         4096 Aug  5 06:51 .casp3000
drwxrwxrwx    2 root     root         4096 Aug 10 13:12 .casp3002
drwxrwxrwx    2 root     root         4096 Aug  5 06:51 .casp5101
drwxrwxrwt    2 xfs      xfs          4096 Aug  5 06:51 .font-unix
drwxr-xr-x    2 root     root         4096 May 16 18:21 
MailScanner.perl.modules
-rw-------    1 root     root           50 Sep 24 20:44 McAfeeBusy.lock
drwxr-xr-x    2 root     root         4096 Apr 12 17:47 k
drwx------    2 root     root         4096 Sep 24 20:44 ssh-yXo25644

The ssh should of course be me.

Steve


At 09:32 PM 9/24/2002 -0400, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Tuesday 24 September 2002 09:00 pm, Steve Buehler wrote:
> > Can anybody point me to a list of ports would be used on a linux based
> > system.  I have a weird one showing up on a netstat report:
>
>The file /etc/services is a good place to start.
>
> > /etc# netstat -na | grep 161.69.201.237
> > tcp        0      0
> > my_machines_ip_here:4156     161.69.201.237:20       ESTABLISHED
> > tcp      128      0
> > my_machines_ip_here:4154     161.69.201.237:21       CLOSE
>
>Looks like an ftp session from your machine to 161.69.201.237
>
> > I am trying to find out what they are because I received an report from
> > another server:
> > "Possible slapper worm infected host on your network. My timezone is
> > GMT 0"
> >
> > I have checked my version of openssl and it is 0.9.6-3.  I noticed that
> > the fix for the Linux.Slapper.Worm (according to Redhats site) is to
> > have at least version 0.9.5a-29.  So theoretically, I shouldn't have a
> > problem with that worm.....I think.
>
>Have you checked the contents of /tmp? The worm doesn't do much to hide
>it's presence. If infected, you'll probably find the file bugtrac.c in
>that directory. Note, newer versions of the worm have been found, the
>file names have changed but the evidence still exists in /tmp, I believe.
>
>- --
>- -Michael



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
ow3



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to