LinuxQuestions.org


luofeiyu 08-18-2015 12:04 AM

Is some kind of spy soft or virus soft using my port 56152?
 
sudo nmap localhost -p 0-65535

Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-18 07:51 HKT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 65531 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
56152/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 9.88 seconds

Is some kind of spy soft or virus soft using my port 56152?

fabvinch 08-18-2015 01:51 AM

First check what is listening with:
netstat -ntpl

If you don't find any process listening on this port, you can try rkhunter or chkrootkit to check for rootkits.

wildwizard 08-18-2015 05:10 AM

Use lsof to find out what is listening on that port.

luofeiyu 08-18-2015 06:28 PM

root@pengsir:/home/debian8# sudo nmap localhost -p 0-65535

Starting Nmap 6.47 ( http://nmap.org ) at 2011-01-01 00:12 HKT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 65531 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
49997/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 9.79 seconds
root@pengsir:/home/debian8# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:49997 0.0.0.0:* LISTEN 532/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 523/rpcbind
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1490/exim4
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1010/mysqld
tcp6 0 0 :::111 :::* LISTEN 523/rpcbind
tcp6 0 0 :::80 :::* LISTEN 1054/apache2
tcp6 0 0 :::43990 :::* LISTEN 532/rpc.statd
tcp6 0 0 ::1:25 :::* LISTEN 1490/exim4
root@pengsir:/home/debian8# lsof -i:49997
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpc.statd 532 statd 9u IPv4 10842 0t0 TCP *:49997 (LISTEN)

kill 532

unSpawn 08-18-2015 08:06 PM

Quote:

Originally Posted by luofeiyu (Post 5407649)
kill 532

That's nice but it's wrong. Stop, then disable RPC services instead. Ensure you properly harden and audit the machine.
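
The check the thread walks through (map an unknown open port to its owning process, then see which listeners are reachable from other hosts) can be scripted. The following is an added example, not code from any poster; the function names are hypothetical and the sample input is the `netstat -ntpl` listing posted above.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the thread.
# Sample input: the netstat -ntpl listing posted earlier in this thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:49997 0.0.0.0:* LISTEN 532/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 523/rpcbind
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1490/exim4
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1010/mysqld
tcp6 0 0 :::111 :::* LISTEN 523/rpcbind
tcp6 0 0 :::80 :::* LISTEN 1054/apache2
tcp6 0 0 :::43990 :::* LISTEN 532/rpc.statd
tcp6 0 0 ::1:25 :::* LISTEN 1490/exim4
EOF
}

# Read `netstat -ntpl` text on stdin and print one line per listening socket:
#   <scope> <proto> <port> <pid> <program>
# scope is "loopback" for 127.x / ::1 binds and "exposed" for anything else
# (wildcard 0.0.0.0 / :: or a specific interface address).
classify_listeners() {
  awk '$6 == "LISTEN" {
    port = $4; sub(/.*:/, "", port)              # text after the last colon
    addr = substr($4, 1, length($4) - length(port) - 1)
    scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
    pid = $7; prog = "-"                         # "-" when netstat ran unprivileged
    if (pid ~ /\//) { prog = pid; sub(/^[0-9]+\//, "", prog); sub(/\/.*/, "", pid) }
    print scope, $1, port, pid, prog
  }'
}

# Print the program(s) listening on the given port number.
owner_of_port() {
  classify_listeners | awk -v p="$1" '$3 == p { print $5 }' | LC_ALL=C sort -u
}

# Print the unique programs whose sockets are not bound to loopback only.
exposed_programs() {
  classify_listeners | awk '$1 == "exposed" { print $5 }' | LC_ALL=C sort -u
}

# Demo on the thread's listing; on a live host use: netstat -ntpl | classify_listeners
sample_netstat | classify_listeners
```

On this listing the unknown port resolves to rpc.statd, and the exposed set (apache2, rpc.statd, rpcbind) is the list to review when deciding which services to stop and disable.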

