extra open ports in rkhunter
Anonymous
swell.k at gmail.com
Sun Sep 19 03:05:58 UTC 2010
Chuck Swiger <cswiger at mac.com> writes:
> Hi--
>
> On Sep 18, 2010, at 4:27 PM, Carl Johnson wrote:
>> The following are the ports if anybody has any ideas, but I would also like to know how to trace them down myself:
>>
>> tcp4 0 0 *.876 *.* LISTEN
>> tcp6 0 0 *.921 *.* LISTEN
>> udp4 0 0 *.608 *.*
>> udp6 0 0 *.952 *.*
>> udp6 0 0 *.804 *.*
Do you have some networking FS enabled (NFS, AFS, Coda, etc)? Perhaps
one of them listens for connections from the kernel and is not associated
with a userland process. But it's just a guess.
>
> Try:
>
> lsof -i tcp:876
>
> ...and so forth for the other ports; this will give you the process ID of whatever is holding that socket.
Speaking of processes, procstat(1) can show them, too.

  $ procstat -af | (IFS= read hdr && echo "$hdr"; fgrep UDP)
    PID COMM      FD T V FLAGS    REF OFFSET PRO NAME
   1023 syslogd    6 s - rw------   1      0 UDP ::.514 ::.0
   1023 syslogd    7 s - rw------   1      0 UDP 0.0.0.0:514 0.0.0.0:0
   1170 nfsuserd   3 s - rw------   8      0 UDP 0.0.0.0:998 0.0.0.0:0
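
The lookup described in the message above, as an added example that is not part of the original post: a shell function that takes the ports a scanner reported and matches them against `procstat -af` output, listing the owning PID and command for each and marking ports that no process holds a descriptor for. The function names and the `no-userland-owner` label are made up for this example, and the column layout is assumed to be the one in the sample output above, with no spaces in COMM.

```sh
#!/bin/sh
# Added example. Assumed columns, taken from the procstat output in the message:
#   PID COMM FD T V FLAGS REF OFFSET PRO LOCAL REMOTE

# port_owners PORT...   (reads `procstat -af` output on stdin)
# Prints "port proto pid comm" for every socket bound to a listed port, then
# "port - - no-userland-owner" for each listed port that no process holds.
port_owners() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, want, " ")
            for (i = 1; i <= n; i++) seen[want[i]] = 0
        }
        # T column "s" marks a socket; only TCP and UDP have port numbers.
        $4 == "s" && ($9 == "TCP" || $9 == "UDP") {
            k = split($10, part, /[:.]/)   # port follows the last ":" or "."
            port = part[k]
            if (port in seen) {
                printf "%s %s %s %s\n", port, $9, $1, $2
                seen[port]++
            }
        }
        END {
            # A port with no descriptor in any process is consistent with a
            # kernel-side socket (the NFS guess above); it is not proof of one.
            for (i = 1; i <= n; i++)
                if (seen[want[i]] == 0)
                    printf "%s - - no-userland-owner\n", want[i]
        }'
}

# Sample input: the three UDP lines quoted in the message.
sample_procstat() {
    cat <<'EOF'
PID COMM FD T V FLAGS REF OFFSET PRO NAME
1023 syslogd 6 s - rw------ 1 0 UDP ::.514 ::.0
1023 syslogd 7 s - rw------ 1 0 UDP 0.0.0.0:514 0.0.0.0:0
1170 nfsuserd 3 s - rw------ 8 0 UDP 0.0.0.0:998 0.0.0.0:0
EOF
}

# Run against the sample; 876 is one of the ports rkhunter flagged.
# On a live system: procstat -af | port_owners 876 921 608 952 804
sample_procstat | port_owners 514 998 876
```

Run it as root on the live system so that descriptors of every process are visible; a port reported as `no-userland-owner` is the case to follow up with the NFS check suggested above.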