Re: [suse-security] strange: Open Ports, not owned by processes, SuSe 9.1
Markus Gerke wrote:
> I encountered a strange behaviour of my 9.1-Installation.
> The system is listening to TCP-ports (for example 1024, 996) but I don't
> know which processes are assigned to it and I did not start a service.
> That is OK, but after approx. 10 min. an additional port is open:
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 0 *:1024 *:*
>
> There is no process assigned to 1024.
> I checked the system with chkrootkit and rkhunter, both negative.
> Do you know this behaviour? Is this a backdoor?

lsof is your friend in cases like this (install it if it didn't get
installed by default). Try:
lsof -Pn -i TCP:1024
Read the man page for it, it's a very useful command. :-)
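
An added example, not part of the original reply: the same port-to-process lookup done by hand on Linux, matching the socket inodes of listening entries in /proc/net/tcp against the `socket:[inode]` links under /proc/<pid>/fd. The sample table and the function names are constructed for illustration; a port reported here has no file descriptor in any process the caller can see (a socket held by the kernel itself, or a process whose fd directory is unreadable without root).

```python
import os
import re

# Constructed sample in /proc/net/tcp format (not taken from the poster's system).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0400 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5012 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4711 1
   2: 0100007F:0016 0100007F:8A3C 01 00000000:00000000 00:00000000 00000000     0        0 4920 1
"""

def parse_listeners(text):
    """Return [(port, inode)] for every socket in LISTEN state (st == 0A)."""
    found = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)  # local_address is HEXIP:HEXPORT
        found.append((port, int(f[9])))
    return found

def socket_owners(proc="/proc"):
    """Map socket inode -> set of PIDs holding it, via /proc/<pid>/fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                         # process exited, or not root
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(int(pid))
    return owners

def unowned(listeners, owners):
    """Ports whose socket inode is not held open by any visible process."""
    return sorted(port for port, inode in listeners if inode not in owners)

if __name__ == "__main__":                      # live check; run as root
    with open("/proc/net/tcp") as fh:
        live = parse_listeners(fh.read())
    for port in unowned(live, socket_owners()):
        print(f"tcp/{port}: listening, no owning process found")
```

IPv6 listeners are in /proc/net/tcp6, which uses the same column layout and can be passed to `parse_listeners` unchanged.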