Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Unknow process listening on high port

from [Shawn Badger] Network Security [Permanent Link]
Subject: Re: Unknow process listening on high port
Date: Thu, 27 Oct 2005 07:44:46 -0700 
Fuser says the port is here, but gives no more information. I have ran
        chkrootkit on the servers and fortunately they both came back
        clean. I
        have also started watching traffic on the ports in question and
        noticed
        every so often that and pulls a couple test web pages. This is
        part of
        the High availability service and just using that high port to
        connect
        to the other server. I am not seeing any connections coming into
        the
        port in 24 hours of monitoring. I will keep monitoring and see
        what I
        find. Does anyone know why netstat reports a - for the pid
        though?
        
        
        
        On Tue, 2005-10-25 at 16:26 -0500, Bob Hacker wrote:
        > fuser -v -n tcp 39207
        >  
        > -bob
        > 
        > 
        >  
        > On 10/25/05, Shawn Badger <sbadger@cskauto.com> wrote: 
        >         I have been auditing a couple of my Suse enterprise 9
        servers
        >         and have
        >         come across a different port on each of them that
        doesn't show
        >         up when I 
        >         use lsof, but show up in nmap and netstat. The ports
        are
        >         39207/tcp on
        >         one server and 49751/tcp on the other. When I do lsof
        -i -n
        >         and grep it
        >         for the proper port I get no output. When I do netstat
        -ap I
        >         get an
        >         output, but the pid shows up as -. I haven't seen a
        process
        >         show up as a
        >         - before and don't where to start looking for that
        process.
        >         Here is the
        >         output of the netstat:
        >         server1:~# netstat -ap |grep 39207
        >         
        >         tcp        0      0 *:39207                 *:* 
        >         LISTEN -
        >         
        >         
        >         I get the same results on the other server as well Any
        ideas
        >         would be
        >         appreciated.
        >         
        >         
        >         
        >
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cisco Books, Karsten Iwen
Next by Date:  Re: Radius Profiles for Cisco using IAS, donandersonjr
Previous by Thread:  Re: Unknow process listening on high port, Steve.Cummings
Next by Thread:  Re: Help writing a back up script, enine
Indexes:  [Date] [Thread] [Top] [All Lists]