Suspicious process running under user rpc
Hi All - newbie here...
I'm getting this error from LFD sent to me over the past few days quite often and it's bothering me a little - I have no idea what it means or what to do about it - can anyone help?
Time: Mon Jun 27 16:07:04 2011 +1100
PID: 28258
Account: rpc
Uptime: 126188 seconds
Executable:
/sbin/portmap
Command Line (often faked in exploits):
portmap
Network connections by the process (if any):
udp: 0.0.0.0:111 -> 0.0.0.0:0
tcp: 0.0.0.0:111 -> 0.0.0.0:0
Files open by the process (if any):
/dev/null
/dev/null
/dev/null
Memory maps by the process (if any):
b7da4000-b7dad000 r-xp 00000000 00:1a 17369080 /lib/libnss_files-2.3.4.so
b7dad000-b7dae000 r-xp 00008000 00:1a 17369080 /lib/libnss_files-2.3.4.so
b7dae000-b7daf000 rwxp 00009000 00:1a 17369080 /lib/libnss_files-2.3.4.so
b7daf000-b7db0000 rwxp b7daf000 00:00 0
b7db0000-b7ed6000 r-xp 00000000 00:1a 13142177 /lib/tls/libc-2.3.4.so
b7ed6000-b7ed8000 r-xp 00125000 00:1a 13142177 /lib/tls/libc-2.3.4.so
b7ed8000-b7eda000 rwxp 00127000 00:1a 13142177 /lib/tls/libc-2.3.4.so
b7eda000-b7edd000 rwxp b7eda000 00:00 0
b7edd000-b7ef0000 r-xp 00000000 00:1a 17369042 /lib/libnsl-2.3.4.so
b7ef0000-b7ef1000 r-xp 00012000 00:1a 17369042 /lib/libnsl-2.3.4.so
b7ef1000-b7ef2000 rwxp 00013000 00:1a 17369042 /lib/libnsl-2.3.4.so
b7ef2000-b7ef4000 rwxp b7ef2000 00:00 0
b7efd000-b7efe000 r-xp b7efd000 00:00 0 [vdso]
b7efe000-b7f14000 r-xp 00000000 00:1a 17369074 /lib/ld-2.3.4.so
b7f14000-b7f15000 r-xp 00015000 00:1a 17369074 /lib/ld-2.3.4.so
b7f15000-b7f16000 rwxp 00016000 00:1a 17369074 /lib/ld-2.3.4.so
b7f16000-b7f1d000 r-xp 00000000 00:1a 17368352 /sbin/portmap
b7f1d000-b7f1e000 rwxp 00007000 00:1a 17368352 /sbin/portmap
b8f02000-b8f23000 rwxp b8f02000 00:00 0
bfa41000-bfa57000 rw-p bfa41000 00:00 0 [stack]