Hi there
On 22/08/17 18:01, Thomas Schmitt wrote:
Question is whether it can be unambiguously recognized in netstat output
as long as it is visible.
Further: Is it always only one hidden port ?
It's always a callback from a Stretch NFS server to a Jessie NFS client.
It occurs when the cli
Hi,
i wrote:
> > E.g. try to patch unhide-tcp so that it reads the NFS port number from
> > a file which you create before the Rkhunter run.
Rob van der Putten wrote:
> I would have to find out when NFS does a callback an then dump the local
> port into a file.
Earlier:
> > > The hidden port lin
Hi there
On 22/08/17 15:23, Thomas Schmitt wrote:
It seems that it was fixed or suppressed intermediately.
The newer post says "It's back!".
I already stated my enthusiasm on occasion of your post about DVD ejecting.
It is discouraging to get ignored after having invested substantial
effort
Hi,
Rob van der Putten wrote:
> And this post is over a year old.
It seems that it was fixed or suppressed intermediately.
The newer post says "It's back!".
> One would expect this to be fixed by now.
I already stated my enthusiasm on occasion of your post about DVD ejecting.
It is discouragin
Hi there
On 22/08/17 12:38, Thomas Schmitt wrote:
Rob van der Putten wrote:
I think this may be a kernel bug.
A valid theory for now. I googled on:
https://askubuntu.com/questions/851986/rkhunter-reports-hidden-tcp-port-probably-nfs-server
brings me to
http://www.mail-archive.com/lin
Hi,
Rob van der Putten wrote:
> I think this may be a kernel bug.
A valid theory for now. I googled on:
https://askubuntu.com/questions/851986/rkhunter-reports-hidden-tcp-port-probably-nfs-server
brings me to
http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg910866.html
Some suspic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Aug 22, 2017 at 12:02:45PM +0200, Rob van der Putten wrote:
> Hi there
>
>
> On 22/08/17 11:44, to...@tuxteam.de wrote:
>
>
>
> >>This raises the question why netstat does not show Rob's NFS ports.
> >>Does NFS change the port fast enough
Hi there
On 22/08/17 11:44, to...@tuxteam.de wrote:
This raises the question why netstat does not show Rob's NFS ports.
Does NFS change the port fast enough so that netstat and port scan differ ?
A good question. I guess we need more details from the OP.
The hidden port lingers on for da
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Aug 22, 2017 at 11:14:51AM +0200, Thomas Schmitt wrote:
> Hi,
>
> to...@tuxteam.de wrote:
> > What on earth is "unhide-tcp"?
>
> A very heuristic thing, as it seems:
Hm. Thanks.
> This raises the question why netstat does not show Rob's NFS
Hi,
to...@tuxteam.de wrote:
> What on earth is "unhide-tcp"?
A very heuristic thing, as it seems:
https://linux.die.net/man/8/unhide-tcp
"unhide-tcp is a forensic tool that identifies TCP/UDP ports that
are listening but are not listed in /bin/netstat through brute
forcing of all TCP/U
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Aug 22, 2017 at 10:55:09AM +0200, to...@tuxteam.de wrote:
> On Tue, Aug 22, 2017 at 10:31:03AM +0200, Rob van der Putten wrote:
> > Hi there
> >
> >
> > More stretch weirdness:
> > Rkhunter alerts me to a hidden port. Restarting NFS changes t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Aug 22, 2017 at 10:31:03AM +0200, Rob van der Putten wrote:
> Hi there
>
>
> More stretch weirdness:
> Rkhunter alerts me to a hidden port. Restarting NFS changes the port
> number. Today I did a netstat after restarting NFS and then run
> un
Hi there
More stretch weirdness:
Rkhunter alerts me to a hidden port. Restarting NFS changes the port
number. Today I did a netstat after restarting NFS and then run
unhide-tcp a few times: It's the client side of RPC NFS callback.
What can I do about this?
Regards,
Rob
13 matches
Mail list logo
