LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-18-2015, 12:04 AM   #1
luofeiyu
Member
 
Registered: Aug 2015
Posts: 229

Rep: Reputation: Disabled
IS some kind of spy soft or virus soft using my port 56152?


sudo nmap localhost -p 0-65535

Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-18 07:51 HKT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 65531 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
56152/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 9.88 seconds

IS some kind of spy soft or virus soft using my port 56152?
 
Old 08-18-2015, 01:51 AM   #2
fabvinch
LQ Newbie
 
Registered: Jun 2015
Posts: 3

Rep: Reputation: Disabled
First check what is listening with :
netstat -ntpl

If you don't find any process listening on this port, you can try rkhunter or chkrootkit to check for rootkits.
 
Old 08-18-2015, 05:10 AM   #3
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 875

Rep: Reputation: 281Reputation: 281Reputation: 281
Use lsof to find out what is listening on that port
 
Old 08-18-2015, 06:28 PM   #4
luofeiyu
Member
 
Registered: Aug 2015
Posts: 229

Original Poster
Rep: Reputation: Disabled
root@pengsir:/home/debian8# sudo nmap localhost -p 0-65535

Starting Nmap 6.47 ( http://nmap.org ) at 2011-01-01 00:12 HKT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 65531 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
49997/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 9.79 seconds
root@pengsir:/home/debian8# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:49997 0.0.0.0:* LISTEN 532/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 523/rpcbind
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1490/exim4
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1010/mysqld
tcp6 0 0 :::111 :::* LISTEN 523/rpcbind
tcp6 0 0 :::80 :::* LISTEN 1054/apache2
tcp6 0 0 :::43990 :::* LISTEN 532/rpc.statd
tcp6 0 0 ::1:25 :::* LISTEN 1490/exim4
root@pengsir:/home/debian8# lsof -i:49997
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpc.statd 532 statd 9u IPv4 10842 0t0 TCP *:49997 (LISTEN)

kill 532
 
Old 08-18-2015, 08:06 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596
Quote:
Originally Posted by luofeiyu View Post
kill 532
That's nice but it's wrong. Stop, then disable RPC services instead. Ensure you properly harden and audit the machine.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
The soft limit is not very soft tesla75 Linux - General 2 06-22-2015 09:28 AM
Sound is very soft Joe Soap Linux - Newbie 7 01-09-2008 12:59 AM
soft links linuxtesting2 Solaris / OpenSolaris 2 06-12-2006 02:39 PM
i need soft FTP kotlt Ubuntu 5 03-13-2006 06:16 AM
Sound too soft GreatBrak Linux - Hardware 3 08-14-2005 02:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration