
Re: [suse-security] strange: Open Ports, not owned by processes, SuSe 9.1



Markus Gerke wrote:
Dear list!

I encountered a strange behaviour of my 9.1-Installation.
The system is listening to TCP-ports (for example 1024, 996) but I don't know which processes are assigned to it and I did not start a service.

...

That is OK, but after approx. 10 min. an additional port is open:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:1024 *:* LISTEN -
...

There is no process assigned to 1024.

I checked the system with chkrootkit and rkhunter, both negative.
Do you know this behaviour? Is this a backdoor?
...

lsof is your friend in cases like this (install it if it didn't get installed by default). Try:

lsof -Pn -i TCP:1024

Read the man page for it, it's a very useful command. :-)

HTH,
Kevin
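
Added example (not part of Kevin's reply or of the original post): netstat prints "-" in the PID/Program name column when it cannot match a listening socket's inode to any process's open file descriptors. The Python below performs that same correlation from /proc/net/tcp and /proc/<pid>/fd; the sample table, its inode numbers and the function names are constructed for illustration.

```python
import os
import re

# Constructed sample in /proc/net/tcp layout (not data from the original post).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0400 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4711 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5120 1
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 5200 1
"""

def listening_sockets(table):
    """Return [(port, inode)] for every LISTEN row of a /proc/net/tcp table."""
    result = []
    for line in table.splitlines()[1:]:                      # skip the header row
        fields = line.split()
        if len(fields) >= 10 and fields[3] == "0A":          # 0A is the LISTEN state
            port = int(fields[1].rsplit(":", 1)[1], 16)      # hex port after the colon
            result.append((port, int(fields[9])))            # field 9 is the socket inode
    return result

def socket_owners(proc="/proc"):
    """Map socket inode -> set of PIDs that hold the socket open."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            names = os.listdir(fd_dir)
        except OSError:
            continue                                         # exited, or not readable
        for name in names:
            try:
                target = os.readlink(os.path.join(fd_dir, name))
            except OSError:
                continue                                     # descriptor closed meanwhile
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(int(pid))
    return owners

def unowned_listeners(table, owners):
    """Ports in LISTEN state whose socket inode no visible process has open."""
    return [port for port, inode in listening_sockets(table) if inode not in owners]

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:      # Linux only; IPv6 listeners are in /proc/net/tcp6
        table = f.read()
    for port in unowned_listeners(table, socket_owners()):
        print(f"tcp port {port}: LISTEN, no owning process found")
```

Run it as root: without root, other users' descriptor tables are unreadable and their sockets are reported as unowned too.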
