LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-30-2007, 06:23 AM   #1
edenCC
Member
 
Registered: May 2006
Location: Gz,China
Distribution: RH,FB
Posts: 196
Blog Entries: 1

Rep: Reputation: 32
Zombie port?


Hi, folks;

I'm managing a large scale of linux majored network.I found some thing strange these months.
On some linux server(kernel-2.4), there are zombie port that has no relation with any process, when using `lsof -i:P_O_R_T', no process listed; but if you are tying `netstat -lnp' as root, you can see the exactly opened port like this
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:40250           0.0.0.0:*               LISTEN      -
my question is:
1, how to detect which process generated this port?
2, how to shutdown this opened port?

thanks for any claw,
 
Old 03-30-2007, 03:30 PM   #2
Khabi
Member
 
Registered: Aug 2003
Location: Arizona
Distribution: Gentoo
Posts: 142

Rep: Reputation: 15
Well, if there is no running application claiming it, my first suggestion would be to run something like chkrootkit and make sure there isn't a rootkit installed.

Have you tried connecting to it with telnet or something similar to see if it announces itself?
You could also try runing tcpdump on it to see if its passing any traffic.

You could add an IPtables ruleset to block both outgoing and incoming connections on that port as well in the meantime, see what breaks when you do it

Normally, I think that anything that doesn't have a appliciation claiming it, its up to some nafarious purpose tho.
 
Old 03-30-2007, 04:48 PM   #3
treed
Member
 
Registered: Sep 2003
Posts: 45

Rep: Reputation: 15
Is this an entry in services?

If you are not sure use iptables to block that port.
You can also install portsentry or tripwire.

Tameika

Last edited by treed; 03-30-2007 at 04:51 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Zombie Process N|k0N Linux - Security 8 09-22-2007 02:01 AM
zombie process ihatecomputers Linux - Software 2 03-24-2005 07:09 AM
zombie nyk Linux - Software 5 10-27-2004 08:29 PM
xscreensaver goes zombie? jpbarto Linux - Software 1 08-11-2003 03:55 PM
zombie processes mhr Linux - Newbie 1 06-19-2003 09:49 PM


All times are GMT -5. The time now is 02:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration