I believe it's: ipchains -A INPUT -p tcp 32774 -j DROP This will drop any connection from the outside to the sometimes-rpc11 port. You should also try to find out which program that is. Damon On Thu, 2002-11-07 at 15:00, S. Khademi wrote: > I use ipchains, what command I should add to this file? > > On 7 Nov 2002, Damon Brinkley wrote: > > > You need to find out what process is listening on that port and stop > > it. Otherwise setup Iptables to block connections to that port. > > > > Damon > > > > On Thu, 2002-11-07 at 14:50, S. Khademi wrote: > > > Dear friend. > > > > > > Recently one of my server attack by a person, he make a direstory in my > > > /dev/ida/ path with .sys/aw name, I see open ports in my machine by nmap > > > command and I see: > > > > > > Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) > > > Interesting ports on cisgate.iut.ac.ir (213.29.206.17): > > > (The 1531 ports scanned but not shown below are in state: closed) > > > Port State Service > > > 22/tcp open ssh > > > 25/tcp open smtp > > > 80/tcp open http > > > 111/tcp open sunrpc > > > 443/tcp open https > > > 515/tcp open printer > > > 993/tcp open imaps > > > 995/tcp open pop3s > > > 3128/tcp open squid-http > > > 6000/tcp open X11 > > > 32774/tcp open sometimes-rpc11 > > > > > > I don't know anything about sometimes-rpc11 port, and I don't know about > > > this, How I can close this port, and what I must do for keep my server > > > from attacking??? > > > And I want know how he attack my server. > > > Ps. My OS is linux redhat 7.2 > > > By regards khademi > > > > > > -- > > > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > > > Soheila Khademi > > > e-mail: khademy@yahoo.com > > > soheila@maniac.sdc.uwo.ca > > > Network Admin khademi@cc.iut.ac.ir > > > Network Services > > > Center For Information Services (CIS) http://www.iut.ac.ir > > > Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45 > > > Isfahan, IRAN Fax: 98 311 3915805 > > > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > To unsubscribe email security-discuss-request@linuxsecurity.com > > > with "unsubscribe" in the subject of the message. > > > > > > > > > > > > ------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > > > -- > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > Soheila Khademi > e-mail: khademy@yahoo.com > soheila@maniac.sdc.uwo.ca > Network Admin khademi@cc.iut.ac.ir > Network Services > Center For Information Services (CIS) http://www.iut.ac.ir > Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45 > Isfahan, IRAN Fax: 98 311 3915805 > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > > > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > > ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
