Dear friend. Recently one of my server attack by a person, he make a direstory in my /dev/ida/ path with .sys/aw name, I see open ports in my machine by nmap command and I see: Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) Interesting ports on cisgate.iut.ac.ir (213.29.206.17): (The 1531 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 25/tcp open smtp 80/tcp open http 111/tcp open sunrpc 443/tcp open https 515/tcp open printer 993/tcp open imaps 995/tcp open pop3s 3128/tcp open squid-http 6000/tcp open X11 32774/tcp open sometimes-rpc11 I don't know anything about sometimes-rpc11 port, and I don't know about this, How I can close this port, and what I must do for keep my server from attacking??? And I want know how he attack my server. Ps. My OS is linux redhat 7.2 By regards khademi -- _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Soheila Khademi e-mail: khademy@yahoo.com soheila@maniac.sdc.uwo.ca Network Admin khademi@cc.iut.ac.ir Network Services Center For Information Services (CIS) http://www.iut.ac.ir Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45 Isfahan, IRAN Fax: 98 311 3915805 _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.