LinuxQuestions.org

dman777 05-13-2011 09:13 AM

Is my system being hacked with port switch/forwarded?
 
Code:

localhost one # lsof -i
COMMAND  PID    USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
irssi    6950      one    3u  IPv4  6103      0t0  TCP 192.168.1.23:45636->card.freenode.net:ircd (ESTABLISHED)
java    7378 subsonic  68u  IPv4  11795      0t0  UDP *:1901
java    7378 subsonic  72u  IPv4  11812      0t0  TCP *:43167 (LISTEN)
java    7378 subsonic  73u  IPv4  11813      0t0  TCP *:bzr (LISTEN)
java    7378 subsonic  76u  IPv4  11815      0t0  TCP *:9412 (LISTEN)
java    7378 subsonic  77u  IPv4  11816      0t0  TCP *:35443 (LISTEN)
java    7378 subsonic  78u  IPv4  13506      0t0  TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47115 (ESTABLISHED)
java    7378 subsonic  79u  IPv4  13508      0t0  TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47742 (ESTABLISHED)
localhost one #

I run a music server on my pc called Subsonic that runs in java. With it I can stream music from my pc to my phone through 3g.

Why is there a name called bzr listed as a port in:
Code:

java    7378 subsonic  73u  IPv4  11813      0t0  TCP *:bzr (LISTEN)

and I have:

Code:

java    7378 subsonic  78u  IPv4  13506      0t0  TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47115 (ESTABLISHED)
java    7378 subsonic  79u  IPv4  13508      0t0  TCP


It kinda looks like my system is hacked with a port switch/forwarded.

nomb 05-13-2011 09:25 AM

Do you have something called bazaar installed?

dman777 05-14-2011 01:53 AM

Ya, and I see that port 4155 is used for bzr which I set my port number to for subsonic. Strange that wasn't listed in /etc/services. I guess this explains it. I never manually installed bazaar though (gentoo)... so I wonder why it's on my system.

jschiwal 05-14-2011 02:16 AM

It might not be installed. lsof may have its own internal list of well known ports and substitute it for the port number. The command listed is 'java'.

unSpawn 05-14-2011 03:40 AM

Quote:

Originally Posted by jschiwal (Post 4356045)
lsof may have its own internal list of well known ports and substitute it for the port number.

The standard "database" system utilities query for resolving port names is /etc/services. Running listings with at least the "-n" flag (as in 'netstat -an', 'lsof -Pwln', 'ls -aln') provides cleaner output, can less easily be misinterpreted and avoids any speed issues due to any form of resolution.
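
The name-versus-number point above, as an added example that is not part of the original thread: a short Python sketch that parses an /etc/services-style table and rewrites the NAME column of `lsof -i` lines back to numeric ports, which is what the "-n"/"-P" style flags avoid in the first place. The services excerpt and the lsof lines are constructed samples modelled on the listing in this thread (bzr as TCP/4155 is taken from the thread), and the function names are hypothetical.

```python
# Constructed excerpt in /etc/services format: name, port/proto, aliases, comment.
SERVICES_SAMPLE = """\
ircd     6667/tcp     # Internet Relay Chat
bzr      4155/tcp     # Bazaar version control system
"""

# Constructed lsof -i lines, modelled on the listing posted in this thread.
LSOF_SAMPLE = """\
irssi 6950 one 3u IPv4 6103 0t0 TCP 192.168.1.23:45636->card.freenode.net:ircd (ESTABLISHED)
java 7378 subsonic 73u IPv4 11813 0t0 TCP *:bzr (LISTEN)
java 7378 subsonic 76u IPv4 11815 0t0 TCP *:9412 (LISTEN)
java 7378 subsonic 78u IPv4 13506 0t0 TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47115 (ESTABLISHED)
"""


def parse_services(text):
    """Map (name, proto) -> port for every name and alias in a services file."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:
            table[(name, proto.lower())] = int(port)
    return table


def numeric_endpoint(endpoint, proto, table):
    """Turn host:service into host:port; unknown names are left untouched."""
    host, _, port = endpoint.rpartition(":")
    if not port.isdigit():
        port = str(table.get((port, proto), port))
    return f"{host}:{port}"


def explain(line, table):
    """Return (command, proto, local, remote, state) with numeric ports."""
    f = line.split()
    command, proto, name = f[0], f[7].lower(), f[8]
    state = f[9].strip("()") if len(f) > 9 else ""
    local, _, remote = name.partition("->")
    local = numeric_endpoint(local, proto, table)
    remote = numeric_endpoint(remote, proto, table) if remote else ""
    return command, proto, local, remote, state


if __name__ == "__main__":
    services = parse_services(SERVICES_SAMPLE)
    for line in LSOF_SAMPLE.splitlines():
        print(explain(line, services))
```

The COMMAND and USER columns identify which process owns the socket; the port label is only the result of a table lookup on the port number.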

dman777 05-14-2011 05:28 AM

That's what is kind of throwing me off...bzr isn't listed in /etc/services. Seems like it should be.

unSpawn 05-14-2011 05:44 AM

Odd (but not as odd as me not reading the thread right, sorry ;-p). Revision 2830 of trunk/etc/services states TCP/4155 was added back in 2007...


All times are GMT -5.