LinuxQuestions.org

Security Problem??? Unknown listening port (https://www.linuxquestions.org/questions/slackware-14/security-problem-unknown-listening-port-27661/)

olivia 08-10-2002 08:28 PM

NO SECURITY PROBLEM after all
 
What I posted below is now known to be no problem at all.
Since then, I've widened my window and run

netstat --inet -latp

which gives me the program listening on the port tcp/675. I must have recompiled the kernel with "quota support" ... it is the quota daemon listening.... /rpc.rquotad

ignore the earlier post left here for reference....

*********************************************
I loaded the openssh patches for Slackware 8.1 last week and became somewhat concerned that the famous trojan was included in these patches even though they were patched as binaries and, as I understand it, the trojan is generated on and damages the system on the machine used in the compilation of the package but does not become part of the binary package.

What concerns me now is to find one unknown "listening port" on one of my machines... When I run

netstat --inet -lat

I find many ports listening with known services but one with a service listed as "unknown"... This port is not defined/listed in the /etc/services file... The port number is 675/tcp.

What is listening on that port? Does anyone know how to kill a port that is not even listed in the /etc/services file? Could I, perhaps, assign this port to some junk service that is early loaded in the boot and so disable it from listening with an unknown service? It would be rather nice if there were some utility for shutting down ports by number rather than by just killing the service that uses it. Does anyone know how to do this??

Olivia (olivia.jensen@mcgill.ca)

unSpawn 08-10-2002 09:06 PM

According to some port list the port is used for "Digital Transmission Content Protection" but that doesn't say much. Add the "-p" to your netstat and correlate this pid either through ps or lsof to find the binar(y|ies) to kill. The problem for an app killing by port number is obvious, like not everything running on port 22 *is* sshd :-]
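
The port-to-PID-to-binary correlation described in this thread, as an added example that is not part of the original posts. The function names `port_owner` and `binary_of` are hypothetical, the netstat output is a constructed sample, `-n` is added so ports print numerically, and a Linux `/proc` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): map a listening TCP port to the PID
# and program that own it, then resolve the real executable behind that PID.

# Constructed sample of `netstat --inet -lntp` output, run as root.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:675             0.0.0.0:*               LISTEN      388/rpc.rquotad
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      95/rpc.portmap
tcp        0      0 127.0.0.1:6750          0.0.0.0:*               LISTEN      -'

# port_owner PORT
# Reads netstat -lntp text on stdin and prints "PID PROGRAM" for every
# listener bound to exactly that port (675 must not match 6750).
# Prints "? ?" when netstat shows "-", which means it was not run with
# enough privilege to see the owning process.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")       # port is the last colon-separated field
            if (addr[n] != port) next
            if ($7 == "-" || $7 == "") { print "? ?"; next }
            slash = index($7, "/")         # column 7 is PID/Program
            print substr($7, 1, slash - 1), substr($7, slash + 1)
        }'
}

# binary_of PID
# The program name netstat prints can be misleading, so resolve the
# executable path from /proc instead of trusting the name.
binary_of() {
    readlink "/proc/$1/exe" 2>/dev/null || echo "unresolved"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | port_owner 675

# On a live system, as root:
#   netstat --inet -lntp | port_owner 675
#   binary_of <PID printed above>
```

Stopping or disabling the service that owns the PID is what closes the port; the port number by itself only identifies where to look.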


All times are GMT -5.