[SOLVED] Is my system being hacked with port switch/fowarded?

dman777 · 05-13-2011, 09:13 AM

Code:

localhost one # lsof -i
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
irssi    6950      one    3u  IPv4   6103      0t0  TCP 192.168.1.23:45636->card.freenode.net:ircd (ESTABLISHED)
java     7378 subsonic   68u  IPv4  11795      0t0  UDP *:1901 
java     7378 subsonic   72u  IPv4  11812      0t0  TCP *:43167 (LISTEN)
java     7378 subsonic   73u  IPv4  11813      0t0  TCP *:bzr (LISTEN)
java     7378 subsonic   76u  IPv4  11815      0t0  TCP *:9412 (LISTEN)
java     7378 subsonic   77u  IPv4  11816      0t0  TCP *:35443 (LISTEN)
java     7378 subsonic   78u  IPv4  13506      0t0  TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47115 (ESTABLISHED)
java     7378 subsonic   79u  IPv4  13508      0t0  TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47742 (ESTABLISHED)
localhost one #

I run a music server on my pc called Subsonic that runs in java. With it I can stream music from my pc to my phone through 3g.

Why is there a name called bzr listed as a port in:

Code:

java     7378 subsonic   73u  IPv4  11813      0t0  TCP *:bzr (LISTEN)

and I have:

Code:

java     7378 subsonic   78u  IPv4  13506      0t0  TCP 192.168.1.23:bzr->216-82-212-222.static.grandenetworks.net:47115 (ESTABLISHED)
java     7378 subsonic   79u  IPv4  13508      0t0  TCP

It kinda looks like my system is hacked with a port switch/forwarded.

nomb · 05-13-2011, 09:25 AM

Do you have something called bazaar installed?

dman777 · 05-14-2011, 01:53 AM

Ya, and I see that port 4155 is used for bzr which I sat my port number to for subsonic. Strange that wasn't listed in /etc/services. I guess this explains it. I never manually installed bazaar though(gentoo)...so I wonder why it's on my system.

jschiwal · 05-14-2011, 02:16 AM

It might not be installed. lsof may have it's own internal list of well known ports and substitute it for the port number. The command listed is 'java'.

unSpawn · 05-14-2011, 03:40 AM

Quote:

Originally Posted by jschiwal

lsof may have it's own internal list of well known ports and substitute it for the port number.

The standard "database" system utilities query for resolving port names is /etc/services. Running listings with at least the "-n" flag (as in 'netstat -an', 'lsof -Pwln', 'ls -aln') provides cleaner output, can less easily be misinterpreted and avoids any speed issues due to any form of resolution.

dman777 · 05-14-2011, 05:28 AM

That's what is kind of throwing me off...bzr isn't listed in /etc/services. Seems like it should be.

unSpawn · 05-14-2011, 05:44 AM

Odd (but not as odd as me not reading the thread right, sorry ;-p). Revision 2830 of trunk/etc/services states TCP/4155 was added back in 2007...