From: "Keg" <redhat@xxxxxxxxxxx> > > I have shutdown syslog and looked at everything in /etc/xinetd.conf and > /etc/xinetd.d/* and cannot find what is listening on TCP port 514. > > syslog:/usr/local/syslog-ng-1.6.3 #netstat -anp | grep LIST > tcp 0 0 0.0.0.0:512 0.0.0.0:* > LISTEN 1597/xinetd > tcp 0 0 0.0.0.0:32768 0.0.0.0:* > LISTEN 1506/rpc.statd > tcp 0 0 127.0.0.1:32769 0.0.0.0:* > LISTEN 1597/xinetd > tcp 0 0 0.0.0.0:513 0.0.0.0:* > LISTEN 1597/xinetd > tcp 0 0 0.0.0.0:514 0.0.0.0:* > LISTEN 1597/xinetd <snip> > What is binding to this port??? Try doing a "grep 514 /etc/xinetd.d/*". You can also do a chkconfig --list, and at the bottom will be a list of xinetd services and whether they're set to run automatically or not. Finally, you should always check dshield.com, as they'll not only tell you what the port *should* be running, but also what virii/trojans will grab the port. In this case: http://www.dshield.com/port_report.php?port=514&recax=1&tarax=2&srcax=2&percent=N&days=40 shows that there are two trojans that also like that port. Ben -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
