Re: Weird Ports Showing for XINETD

You can use lsof to determine what application is opening a port, just
pipe the output of lsof to a grep for the port you're looking for. If
you're suspicious of an application being compromised such as xinetd you
can verify the checksum with the rpm command "#rpm -V xinetd", keep in
mind that a good hacker can modify the rpm checksum file though, but
it's an easy preliminary check if you're suspicious and should alert you
if you've been hit by a script kiddie.

Dominic Rivera
(503) 947-7308
dominic.rivera@xxxxxxxxxxx

>>> bfranck@xxxxxxxxxxxxxxxxx 10/29/03 01:18PM >>>
Steve,

Thanks for your reply, but I have a question.   SGI_FAM is started through
xinetd, yes, but the file indicates that it's a TCP protocol....my open port
is UDP.  Are you sure we're talking about the same animal??

Brett




----- Original Message ----- 
From: "Rigler, Steve" <SRigler@xxxxxxxxxxxxxxx>
To: <redhat-list@xxxxxxxxxx>
Sent: Wednesday, October 29, 2003 2:52 PM
Subject: RE: Weird Ports Showing for XINETD


> There was a thread about this a while back.  The culprit
> was sgi_fam.  The general consensus seemed to be to leave
> it running.
>
> -Steve
>
> > -----Original Message-----
> > From: redhat-list-admin@xxxxxxxxxx 
> > [mailto:redhat-list-admin@xxxxxxxxxx]On Behalf Of Brett Franck
> > Sent: Wednesday, October 29, 2003 2:18 PM
> > To: redhat-list@xxxxxxxxxx 
> > Subject: Weird Ports Showing for XINETD
> >
> >
> > REPOST Without HTML junk......sry bout the HTML
> > postings.......maybe someone
> > has an answer to my ques?
> >
> >
> >
> >
> >
> >
> > Okay since I last wrote about messing up my server with a Chroot jail,
> > things have definitely changed.
> >
> > I installed RH9 and put it on an IBM Netvista 866 w/384Mg Ram /proc/kcore
> > shows 401477632 Oct 28 11:53 /proc/kcore..... Vs RH8.0 on a junker 450
> > w/320Mg Ram
> >
> > All is running well but I do have one question.....maybe it
> > was this way in
> > RH 8.0, I never noticed, but I'm pretty sure I would have
> > noticed an open
> > errant port not assigned to anything.
> >
> > netstat -taup shows a UDP port open by XINETD (BY the way, I'm not running
> > anything with xinetd).......I first noticed it because the CHKROOTKIT bawled
> > out an alert when the XINETD port was running on 1008  ... now it's on
> > 923....has been on 979.....etc.....moves when I restart Xinetd.....is this
> > the result of running xinetd as xinetd -stayalive -pidfile
> > /var/run/xinetd.pid
> > thus keeping a UDP port open to support the PID?????
> >
> > Brett
> >
> >
> >
> > -- 
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list 
> >
>
>
>
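
Reading the output of the `rpm -V xinetd` check suggested in the reply at the top of this thread, as an added example that is not part of the original messages: the function names are hypothetical, the sample lines are constructed, and paths are assumed to contain no whitespace.

```bash
#!/usr/bin/env bash
# Added example: triage of `rpm -V` output. Function names are hypothetical.

# Constructed sample of `rpm -V xinetd` output (not taken from a real host).
sample_rpm_verify() {
  cat <<'EOF'
S.5....T  c /etc/xinetd.conf
.......T  d /usr/share/man/man8/xinetd.8.gz
S.5....T    /usr/sbin/xinetd
.M......    /etc/rc.d/init.d/xinetd
missing   c /etc/xinetd.d/echo-udp
EOF
}

# Read `rpm -V` lines on stdin; print "<severity> <path> <reasons>" per line.
# Flag column: S=size M=mode 5=digest U=user G=group T=mtime; "." = test passed.
# Optional middle column marks the file type (c=config, d=documentation).
# Assumes paths without whitespace.
classify_rpm_verify() {
  awk '
    $1 == "missing" { print "HIGH", $NF, "file-missing"; next }
    NF >= 2 {
      flags = $1; path = $NF
      attr = (NF == 3) ? $2 : ""
      reason = ""
      if (flags ~ /5/)    reason = reason "digest,"
      if (flags ~ /S/)    reason = reason "size,"
      if (flags ~ /M/)    reason = reason "mode,"
      if (flags ~ /[UG]/) reason = reason "owner,"
      if (flags ~ /T/)    reason = reason "mtime,"
      sub(/,$/, "", reason)
      if (reason == "") reason = "other"
      if (attr == "c")           sev = "REVIEW"  # admins edit configs: diff it
      else if (flags ~ /[5MUG]/) sev = "HIGH"    # content or permissions changed
      else                       sev = "LOW"     # timestamp-only drift
      print sev, path, reason
    }'
}

# Count findings that need immediate attention.
count_high() { classify_rpm_verify | awk '$1 == "HIGH" { n++ } END { print n + 0 }'; }

# Live use would be: rpm -V xinetd | classify_rpm_verify
sample_rpm_verify | classify_rpm_verify
```

A clean result is only as trustworthy as the local RPM database and the rpm binary themselves, which is the caveat raised in the reply.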


