LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-04-2005, 11:26 AM   #1
Dstruct0
Member
 
Registered: Jun 2005
Distribution: Debian Etch, Lenny, Squeeze
Posts: 37

Rep: Reputation: 0
Nessus security notes about ipcserver(port 600)


I'm using Debian Sarge(stable) and recently installed nessus and noticed one of the security notes for ipcserver(port 600):




*************************************************************
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s);
Sadmind

Unless you know for sure what is behind it,
you'd better check your system.


***Anyway don't panic, Nessus only found an open port, it may
have been dynamically allocated to some service(RPC)...

Solution: if a trojan horse is running, run a good antivirus
scanner

Risk factor: low

***************************************************************

Should I be concerned? How can i close this port? Thanks.
 
Old 07-04-2005, 12:10 PM   #2
Dstruct0
Member
 
Registered: Jun 2005
Distribution: Debian Etch, Lenny, Squeeze
Posts: 37

Original Poster
Rep: Reputation: 0
I saw the above mentioned warning yesterday but not today.

Please help.

Last edited by Dstruct0; 07-04-2005 at 12:32 PM.
 
Old 07-07-2005, 01:24 PM   #3
Atrocity
Member
 
Registered: Nov 2002
Location: Hell
Distribution: FreeBSD, Slackware
Posts: 308

Rep: Reputation: 30
I would subscribe to the nessus forums on nessus's website, that would probably be the best reference on understanding nessus output...

But I think all that means is that you have an open port and you should check if its being used by a program, try running a comand that shows the ports that are in use like Netstat or PS.... Also if you are runnng a firewall try closing that port if you dont think you are using it for anything
 
Old 07-07-2005, 04:18 PM   #4
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
That is relativly common. Do a netstat -ap and see what process is using the port.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Nessus install script not finding nessus.tar.gz darin3200 Linux - Software 1 08-15-2005 05:35 PM
Nessus Security Scanner jbclarkman Mandriva 1 01-15-2005 10:34 PM
Using Nessus as a security tool on 9.1 odin123 Slackware 2 11-16-2003 04:07 PM
Nessus found Garcon/port 999 on a Win 98 client thepenguinhippy Linux - Security 6 10-10-2003 02:17 PM
'Port 21 disabled for security' tfletcher Linux - General 5 12-05-2001 07:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration