Re: Closing port

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You can use "rpcinfo -p" to determine which rpc process is using that port.  I 
think that one is usually ruserd.

Toby


> Dear friend.
>
> Recently one of my server attack by a person, he make a direstory in my
> /dev/ida/ path with .sys/aw name, I see open ports in my machine by nmap
> command and I see:
>
> Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
> Interesting ports on cisgate.iut.ac.ir (213.29.206.17):
> (The 1531 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 80/tcp     open        http
> 111/tcp    open        sunrpc
> 443/tcp    open        https
> 515/tcp    open        printer
> 993/tcp    open        imaps
> 995/tcp    open        pop3s
> 3128/tcp   open        squid-http
> 6000/tcp   open        X11
> 32774/tcp  open        sometimes-rpc11
>
>  I don't know anything about sometimes-rpc11 port, and I don't know about
> this, How I can close this port, and what I must do for keep my server
> from attacking???
> And  I want know how he attack my server.
> Ps. My OS is linux redhat 7.2
> By regards khademi
>
>  --
> _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>  Soheila Khademi
>                                            e-mail: khademy@yahoo.com
>                                                   soheila@maniac.sdc.uwo.ca
>  Network Admin                                    khademi@cc.iut.ac.ir
>  Network Services
>  Center For Information Services  (CIS)    http://www.iut.ac.ir
>  Isfahan University of Technology (IUT)    Tel: 98 311 3915840-1,45
>  Isfahan, IRAN                             Fax: 98 311 3915805
> _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>
>
>
>
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.



[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux